Malwarebytes

Security Tools, Vundo Trojan, & mbm.exe not found.

1 reply to this topic

#1
Xnamagnam
Hello, about three days ago I found I was infected with an adware trojan/virus called Security Tool. AVG8 has rid me of it, Spyware Doctor has told me it is still there, ComboFix has rid me of it, twice, and I am still unable to download Malwarebytes.exe from the installation; I receive Code 2: file not found, and then the second time ComboFix killed my viruses, code five, and then code two. Spyware Doctor is still showing trojans and adware on my computer. I have gone through and deleted several registry keys, downloaded Vundo trojan removal tools specifically, which have all failed, and even safe mode seems affected. This seems to be my largest problem and I am hoping Malwarebytes will be my solution, but something keeps blocking the .exe file from generating, and I believe it is a previous unfound regenerating trojan of some kind. Nonetheless, I turn to your expert guidance for help; there is not much else I can do but back up all files and format as a last option. I hope there is just something I have missed. Thank you.

This is the second and most recent ComboFix log I have.

-----
ComboFix 09-10-14.04 - PauL 10/15/2009 13:51.2.1 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1023.797 [GMT -4:00]
Running from: c:\documents and settings\PauL\My Documents\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\66854837
c:\documents and settings\All Users\Application Data\66854837\66854837.exe
c:\windows\system32\kirenalo.dll
c:\windows\system32\litunude.dll

.
(((((((((((((((((((((((((   Files Created from 2009-09-15 to 2009-10-15  )))))))))))))))))))))))))))))))
.

2009-10-14 23:36 . 2009-09-10 18:54	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-14 23:36 . 2009-10-15 17:25	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2009-10-14 23:36 . 2009-09-10 18:53	19160	----a-w-	c:\windows\system32\drivers\mbam.sys
2009-10-14 23:15 . 2009-10-14 23:15	--------	d-sh--w-	c:\documents and settings\PauL\IECompatCache
2009-10-14 19:48 . 2009-10-14 19:48	--------	d-----w-	c:\documents and settings\LocalService\Local Settings\Application Data\Mozilla
2009-10-13 16:36 . 2008-12-11 12:38	159600	----a-w-	c:\windows\system32\drivers\pctgntdi.sys
2009-10-13 16:36 . 2009-08-24 18:05	206256	----a-w-	c:\windows\system32\drivers\PCTCore.sys
2009-10-13 16:36 . 2009-08-19 15:01	86888	----a-w-	c:\windows\system32\drivers\PCTAppEvent.sys
2009-10-13 16:35 . 2008-12-10 15:36	64392	----a-w-	c:\windows\system32\drivers\pctplsg.sys
2009-10-13 16:35 . 2009-10-13 16:35	--------	d-----w-	c:\documents and settings\PauL\Application Data\PC Tools
2009-10-13 16:35 . 2009-10-13 16:35	--------	d-----w-	c:\documents and settings\All Users\Application Data\PC Tools
2009-10-13 16:30 . 2009-10-13 16:30	--------	d-----w-	C:\!KillBox
2009-10-13 16:29 . 2009-10-13 16:29	--------	d-----w-	c:\documents and settings\PauL\Application Data\Malwarebytes
2009-10-13 16:29 . 2009-10-13 16:29	--------	d-----w-	c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-13 05:09 . 2009-10-13 16:44	--------	d-----w-	c:\program files\Common Files\PC Tools
2009-10-13 05:09 . 2009-10-13 20:08	--------	d-----w-	c:\program files\Spyware Doctor
2009-10-13 05:09 . 2009-10-15 17:43	--------	d---a-w-	c:\documents and settings\All Users\Application Data\TEMP
2009-10-13 02:00 . 2009-10-13 02:00	--------	d-sh--w-	c:\documents and settings\Administrator\IETldCache
2009-10-11 06:02 . 2009-10-12 15:36	--------	d-----w-	c:\documents and settings\All Users\Application Data\95695741
2009-10-10 18:04 . 2009-10-12 15:36	--------	d-----w-	c:\documents and settings\All Users\Application Data\45580729
2009-10-09 02:15 . 2009-10-09 20:07	--------	d-----w-	c:\documents and settings\All Users\Application Data\00438217
2009-10-04 14:53 . 2008-10-16 18:06	268648	----a-w-	c:\windows\system32\mucltui.dll
2009-10-04 14:53 . 2008-10-16 18:06	208744	----a-w-	c:\windows\system32\muweb.dll
2009-10-04 04:13 . 2009-10-12 20:12	--------	d-----w-	c:\documents and settings\Mom\Tracing
2009-10-03 21:25 . 2009-10-03 21:25	--------	d-----w-	c:\documents and settings\PauL\Tracing
2009-10-03 21:15 . 2009-10-03 21:15	--------	d-----w-	c:\program files\Microsoft
2009-10-03 21:14 . 2009-10-03 21:14	--------	d-----w-	c:\program files\Windows Live SkyDrive
2009-10-03 21:14 . 2009-10-03 21:15	--------	d-----w-	c:\program files\Windows Live
2009-10-03 21:09 . 2009-10-03 21:09	--------	d-----w-	c:\program files\Common Files\Windows Live

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-03 22:20 . 2006-05-16 08:01	--------	d-----w-	c:\program files\Google
2009-10-03 22:19 . 2003-01-27 22:20	--------	d-----w-	c:\program files\DivX
2009-10-03 21:24 . 2003-08-21 07:37	72608	----a-w-	c:\documents and settings\PauL\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-25 23:37 . 2009-08-15 23:41	--------	d-----w-	c:\program files\maptool-1.3.b56
2009-09-25 06:34 . 2006-09-27 03:45	--------	d-----w-	c:\program files\NewzToolz
2009-09-22 21:08 . 2009-08-27 21:04	311784	----a-w-	c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-08-28 13:11 . 2009-08-28 13:11	--------	d-----w-	c:\program files\MSECache
2009-08-28 12:31 . 2008-05-07 03:15	11952	----a-w-	c:\windows\system32\avgrsstx.dll
2009-08-28 12:31 . 2008-05-07 03:15	335240	----a-w-	c:\windows\system32\drivers\avgldx86.sys
2009-08-28 12:31 . 2007-02-19 17:26	27784	----a-w-	c:\windows\system32\drivers\avgmfx86.sys
2009-08-27 20:01 . 2003-01-01 07:17	--------	d-----w-	c:\program files\AIM95
2009-08-21 08:39 . 2009-08-21 08:39	411368	----a-w-	c:\windows\system32\deploytk.dll
2009-08-21 08:38 . 2004-07-13 20:56	--------	d-----w-	c:\program files\Java
2009-08-20 19:09 . 2009-08-20 19:09	1193832	----a-w-	c:\windows\system32\FM20.DLL
2009-08-14 06:29 . 2008-05-07 03:15	108552	----a-w-	c:\windows\system32\drivers\avgtdix.sys
2009-08-05 09:01 . 2004-03-23 14:27	204800	----a-w-	c:\windows\system32\mswebdvd.dll
2009-08-05 00:44 . 1980-01-01 05:00	2189184	----a-w-	c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 1980-01-01 05:00	2066048	----a-w-	c:\windows\system32\ntkrnlpa.exe
2009-07-29 04:37 . 2001-08-18 11:00	81920	----a-w-	c:\windows\system32\fontsub.dll
2009-07-29 04:37 . 2001-08-18 11:00	119808	----a-w-	c:\windows\system32\t2embed.dll
2009-07-26 20:44 . 2009-07-26 20:44	48448	----a-w-	c:\windows\system32\sirenacm.dll
2009-07-17 19:01 . 2001-08-18 11:00	58880	----a-w-	c:\windows\system32\atl.dll
2009-07-09 16:53 . 2009-07-09 16:53	1011298	--sha-w-	c:\windows\SYSTEM32\durifesu.exe
2009-07-12 06:03 . 2009-07-12 06:03	1050147	--sha-w-	c:\windows\SYSTEM32\gikuzese.exe
2009-07-14 16:50 . 2009-07-14 16:50	52224	--sha-w-	c:\windows\SYSTEM32\juteruno.dll
2009-07-09 16:53 . 2009-07-09 16:53	172544	--sha-w-	c:\windows\SYSTEM32\kalomawu.dll
2009-07-13 07:34 . 2009-07-13 07:34	1011312	--sha-w-	c:\windows\SYSTEM32\pozarigo.exe
2009-07-11 18:02 . 2009-07-11 18:02	1050147	--sha-w-	c:\windows\SYSTEM32\turejaka.exe
2009-07-14 16:49 . 2009-07-14 16:49	52224	--sha-w-	c:\windows\SYSTEM32\zefumiwu.dll
2009-07-15 17:23 . 2009-07-15 17:23	1113643	--sha-w-	c:\windows\SYSTEM32\zeveluhe.exe
2009-07-12 19:34 . 2009-07-12 19:34	51712	--sha-w-	c:\windows\SYSTEM32\zifisehe.dll
.

(((((((((((((((((((((((((((((   SnapShot@2009-10-15_00.23.05   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-15 18:04 . 2009-10-15 18:04	16384              c:\windows\temp\Perflib_Perfdata_ac.dat
- 2001-01-22 08:25 . 2001-01-22 08:25	32768              c:\windows\SYSTEM32\ATHPRXY.DLL
+ 2004-01-29 14:08 . 2004-01-29 14:08	32768              c:\windows\SYSTEM32\ATHPRXY.DLL
+ 2009-06-24 23:56 . 2009-06-24 23:56	73728              c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe
- 2007-04-14 01:58 . 2007-04-14 01:58	77824              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2008-05-28 04:49 . 2008-05-28 04:49	77824              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2007-04-14 01:57 . 2007-04-14 01:57	86016              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2008-05-28 04:49 . 2008-05-28 04:49	86016              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2007-04-14 01:57 . 2007-04-14 01:57	81920              c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2008-05-28 04:49 . 2008-05-28 04:49	81920              c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2008-05-28 05:30 . 2008-05-28 05:30	32768              c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2007-04-14 02:30 . 2007-04-14 02:30	32768              c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2001-11-15 13:19 . 2009-10-08 20:52	45056              c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
+ 2001-11-15 13:19 . 2009-10-15 03:51	45056              c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
- 2001-11-15 13:19 . 2009-10-08 20:52	22528              c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
+ 2001-11-15 13:19 . 2009-10-15 03:51	22528              c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
+ 2001-11-15 13:19 . 2009-10-15 03:51	16384              c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
- 2001-11-15 13:19 . 2009-10-08 20:52	16384              c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
+ 2001-11-15 13:19 . 2009-10-15 03:51	34304              c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\misc.exe
- 2001-11-15 13:19 . 2009-10-08 20:52	34304              c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\misc.exe
- 2009-08-28 18:06 . 2009-10-05 21:33	40960              c:\windows\Installer\{90840409-6000-11D3-8CFE-0150048383C9}\xlvicon.exe
+ 2009-08-28 18:06 . 2009-10-15 03:48	40960              c:\windows\Installer\{90840409-6000-11D3-8CFE-0150048383C9}\xlvicon.exe
- 2009-08-28 13:12 . 2009-08-28 13:12	38240              c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2009-10-15 03:50 . 2009-10-15 03:50	38240              c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2009-10-15 03:47 . 2009-10-15 03:47	90112              c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_ab00085f\System.Drawing.Design.dll
+ 2009-10-15 03:47 . 2009-10-15 03:47	61440              c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_5a4e950c\CustomMarshalers.dll
+ 2001-11-15 13:19 . 2009-10-15 03:51	3584              c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
- 2001-11-15 13:19 . 2009-10-08 20:52	3584              c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
- 2001-11-15 13:19 . 2009-10-08 20:52	8192              c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
+ 2001-11-15 13:19 . 2009-10-15 03:51	8192              c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
- 2001-11-15 13:19 . 2009-10-08 20:52	2560              c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2001-11-15 13:19 . 2009-10-15 03:51	2560              c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2003-12-21 10:16 . 2009-04-10 05:01	413032              c:\windows\SYSTEM32\wmspdmod.dll
+ 2003-12-21 10:16 . 2009-04-10 05:01	413032              c:\windows\SYSTEM32\DLLCACHE\wmspdmod.dll
- 2007-04-14 01:58 . 2007-04-14 01:58	102400              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2008-05-28 04:49 . 2008-05-28 04:49	102400              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2008-05-28 04:48 . 2008-05-28 04:48	315392              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2007-04-14 01:56 . 2007-04-14 01:56	315392              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2007-04-14 02:30 . 2007-04-14 02:30	258048              c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2008-05-28 05:30 . 2008-05-28 05:30	258048              c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2009-04-20 18:59 . 2009-04-20 18:59	219648              c:\windows\Installer\b9c139.msp
+ 2009-02-10 12:50 . 2009-02-10 12:50	536576              c:\windows\Installer\b9c0f8.msp
+ 2008-01-24 14:04 . 2008-01-24 14:04	678400              c:\windows\Installer\b9c0c8.msp
+ 2009-08-28 18:06 . 2009-10-15 03:48	135168              c:\windows\Installer\{90840409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2009-08-28 18:06 . 2009-10-05 21:33	135168              c:\windows\Installer\{90840409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2009-10-15 03:48 . 2009-10-15 03:48	835584              c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_a907ea53\System.Drawing.dll
+ 2009-10-15 03:48 . 2009-10-15 03:48	192512              c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_7e421100\System.Drawing.Design.dll
+ 2009-10-15 03:48 . 2009-10-15 03:48	118784              c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_182a294a\CustomMarshalers.dll
+ 2009-08-14 01:59 . 2009-08-05 00:44	2189184              c:\windows\SYSTEM32\DLLCACHE\ntoskrnl.exe
- 2009-08-14 01:59 . 2009-02-06 10:32	2023936              c:\windows\SYSTEM32\DLLCACHE\ntkrpamp.exe
+ 2009-08-14 01:59 . 2009-08-04 14:20	2023936              c:\windows\SYSTEM32\DLLCACHE\ntkrpamp.exe
- 2009-02-07 23:02 . 2009-02-07 23:02	2066048              c:\windows\SYSTEM32\DLLCACHE\ntkrnlpa.exe
+ 2009-02-07 23:02 . 2009-08-04 14:20	2066048              c:\windows\SYSTEM32\DLLCACHE\ntkrnlpa.exe
- 2009-08-14 01:59 . 2009-02-06 11:06	2145280              c:\windows\SYSTEM32\DLLCACHE\ntkrnlmp.exe
+ 2009-08-14 01:59 . 2009-08-04 15:13	2145280              c:\windows\SYSTEM32\DLLCACHE\ntkrnlmp.exe
- 2007-04-14 02:35 . 2007-04-14 02:35	1265664              c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2008-05-28 05:35 . 2008-05-28 05:35	1265664              c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
- 2007-04-14 02:35 . 2007-04-14 02:35	1232896              c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2008-05-28 05:35 . 2008-05-28 05:35	1232896              c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2008-05-28 04:48 . 2008-05-28 04:48	2514944              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
- 2007-04-14 01:57 . 2007-04-14 01:57	2514944              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
- 2007-04-14 01:57 . 2007-04-14 01:57	2523136              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2008-05-28 04:48 . 2008-05-28 04:48	2523136              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
- 2007-04-14 01:50 . 2007-04-14 01:50	2142208              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2008-05-28 04:43 . 2008-05-28 04:43	2142208              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2008-09-04 19:52 . 2008-09-04 19:52	4337664              c:\windows\Installer\b9c12b.msp
+ 2008-01-14 18:26 . 2008-01-14 18:26	4478464              c:\windows\Installer\b9c115.msp
+ 2006-02-27 20:31 . 2006-02-27 20:31	1269248              c:\windows\Installer\b9c106.msp
+ 2006-03-28 19:37 . 2006-03-28 19:37	6956032              c:\windows\Installer\b9c0e8.msp
+ 2006-08-29 21:50 . 2006-08-29 21:50	3210240              c:\windows\Installer\b9c0d7.msp
+ 2009-09-29 13:08 . 2009-09-29 13:08	6747648              c:\windows\Installer\b9c0b5.msp
+ 2004-03-10 13:13 . 2004-03-10 13:13	2602496              c:\windows\Installer\b9c096.msp
+ 2009-04-29 19:03 . 2009-04-29 19:03	8404992              c:\windows\Installer\b9c088.msp
+ 2004-09-13 04:35 . 2004-09-13 04:35	1452544              c:\windows\Installer\b9c079.msp
+ 2009-08-20 19:27 . 2009-08-20 19:27	3622400              c:\windows\Installer\b9c02b.msp
+ 2008-03-31 20:35 . 2008-03-31 20:35	8309760              c:\windows\Installer\b9c01c.msp
+ 2009-08-14 01:59 . 2009-08-05 00:44	2189184              c:\windows\Driver Cache\I386\ntoskrnl.exe
+ 2009-08-14 01:59 . 2009-08-04 14:20	2023936              c:\windows\Driver Cache\I386\ntkrpamp.exe
- 2009-08-14 01:59 . 2009-02-06 10:32	2023936              c:\windows\Driver Cache\I386\ntkrpamp.exe
- 2009-02-07 23:02 . 2009-02-07 23:02	2066048              c:\windows\Driver Cache\I386\ntkrnlpa.exe
+ 2009-02-07 23:02 . 2009-08-04 14:20	2066048              c:\windows\Driver Cache\I386\ntkrnlpa.exe
- 2009-08-14 01:59 . 2009-02-06 11:06	2145280              c:\windows\Driver Cache\I386\ntkrnlmp.exe
+ 2009-08-14 01:59 . 2009-08-04 15:13	2145280              c:\windows\Driver Cache\I386\ntkrnlmp.exe
+ 2009-10-15 03:47 . 2009-10-15 03:47	1966080              c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_a3e70945\System.dll
+ 2009-10-15 03:48 . 2009-10-15 03:48	4792320              c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_5709e0f5\System.dll
+ 2009-10-15 03:47 . 2009-10-15 03:47	2088960              c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_66cac31f\System.Xml.dll
+ 2009-10-15 03:48 . 2009-10-15 03:48	5513216              c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_228d4677\System.Xml.dll
+ 2009-10-15 03:48 . 2009-10-15 03:48	7884800              c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_c5866805\System.Windows.Forms.dll
+ 2009-10-15 03:47 . 2009-10-15 03:47	3018752              c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_c29149fc\System.Windows.Forms.dll
+ 2009-10-15 03:48 . 2009-10-15 03:48	2244608              c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_7ef11248\System.Drawing.dll
+ 2009-10-15 03:47 . 2009-10-15 03:47	1470464              c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_746892b6\System.Design.dll
+ 2009-10-15 03:48 . 2009-10-15 03:48	3395584              c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_18a48487\System.Design.dll
+ 2009-10-15 03:48 . 2009-10-15 03:48	8908800              c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_3efd8b76\mscorlib.dll
+ 2009-10-15 03:48 . 2009-10-15 03:48	3391488              c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_2f6ba23d\mscorlib.dll
+ 2009-10-15 03:47 . 2009-10-15 03:47	1232896              c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
- 2007-12-15 03:54 . 2007-12-15 03:54	1232896              c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
- 2007-12-15 03:54 . 2007-12-15 03:54	1265664              c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2009-10-15 03:47 . 2009-10-15 03:47	1265664              c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2009-08-11 01:08 . 2009-08-11 01:08	11315712              c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp
+ 2008-08-11 15:49 . 2008-08-11 15:49	22457344              c:\windows\Installer\b9c11d.msp
+ 2009-08-10 18:09 . 2009-08-10 18:09	17254912              c:\windows\Installer\b9c0ad.msp
+ 2007-05-08 15:10 . 2007-05-08 15:10	16874376              c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\MSO.DLL
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9c43eb95-bb3f-438e-95fc-9622b2c35b6b}]
2009-07-14 16:50	52224	--sha-w-	c:\windows\SYSTEM32\juteruno.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2001-08-17 28738]
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-04-10 679936]
"Omnipage"="c:\program files\ScanSoft\OmniPageSE\opware32.exe" [2002-02-21 49152]
"Dell|Alert"="c:\program files\Dell\Support\Alert\bin\DAMon.exe" [2002-07-11 270336]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-21 149280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-03-11 155648]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2004-06-03 204800]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-10 2023704]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]
"dofufozuv"="c:\windows\system32\kirenalo.dll" [BU]
"BCMSMMSG"="BCMSMMSG.exe" - c:\windows\BCMSMMSG.exe [2003-08-29 122880]
"nwiz"="nwiz.exe" - c:\windows\SYSTEM32\nwiz.exe [2006-10-22 1622016]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2002-12-21 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2002-10-23 45056]
Microsoft Works Calendar Reminders.lnk - c:\program files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2001-8-7 24633]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-28 12:31	11952	----a-w-	c:\windows\SYSTEM32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM95\\aim.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Messenger\\MSMSGSIN.EXE"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\WINDOWS\\SYSTEM32\\javaw.exe"=
"c:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8097:TCP"= 8097:TCP:EarthLink UHP Modem Support
"67:UDP"= 67:UDP:DHCP Discovery Service

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 PCTCore;PCTools KDS;c:\windows\SYSTEM32\DRIVERS\PCTCore.sys [10/13/2009 12:36 PM 206256]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [5/6/2008 11:15 PM 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [5/6/2008 11:15 PM 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [8/14/2009 2:29 AM 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [8/14/2009 2:29 AM 297752]
R2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [11/13/2008 3:43 PM 204800]
S3 ADSFilter;ADSFilter - (Aluria Filter Driver);c:\windows\system32\DRIVERS\ADSFilter.sys --> c:\windows\system32\DRIVERS\ADSFilter.sys [?]
S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\Drivers\BW2NDIS5.sys --> c:\windows\system32\Drivers\BW2NDIS5.sys [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [10/13/2009 12:35 PM 348752]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc	REG_MULTI_SZ   	p2psvc p2pimsvc p2pgasvc PNRPSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://us.vclart.net/vcl/artists/manga-man-x
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6} - hxxps://www.peoplepc.com/ppcos/ISP60/Download/ppcwebi.cab
FF - ProfilePath - c:\documents and settings\PauL\Application Data\Mozilla\Firefox\Profiles\hu4h7z5y.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-66854837 - c:\docume~1\ALLUSE~1\APPLIC~1\66854837\66854837.exe
SharedTaskScheduler-{529a4389-717d-474a-90ad-32162927b906} - c:\windows\system32\kirenalo.dll
SSODL-lifewivaf-{529a4389-717d-474a-90ad-32162927b906} - c:\windows\system32\kirenalo.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-15 14:05
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ... 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  Dell|Alert = c:\program files\Dell\Support\Alert\bin\DAMon.exe?p?o?r?t?\?A?l?e?r?t?\?b?i?n?\?D?A?M?o?n?.?e?x?e???????????x:??????x??? ???X??? ??????? ???P????(?w'(?w????????????(???u??????w????????????0????$?w7(?w?o?wS??w???w????????????X*@?????????X????????%@?e????? 

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,40,6a,64,5a,31,4d,21,47,80,e3,a6,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,40,6a,64,5a,31,4d,21,47,80,e3,a6,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3584)
c:\windows\system32\WININET.dll
c:\program files\ScanSoft\OmniPageSE\ophook32.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\SYSTEM32\nvsvc32.exe
c:\windows\SYSTEM32\java.exe
c:\windows\SYSTEM32\TCPSVCS.EXE
c:\windows\SYSTEM32\wdfmgr.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\SYSTEM32\rundll32.exe
c:\progra~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2009-10-15 14:16 - machine was rebooted
ComboFix-quarantined-files.txt  2009-10-15 18:16
ComboFix2.txt  2009-10-15 00:35

Pre-Run: 36,853,579,776 bytes free
Post-Run: 35,765,063,680 bytes free

327	--- E O F ---	2009-10-15 03:51
---------------
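The log above carries the indicator pattern a responder would look for before trusting a "clean" verdict: 8-letter pseudo-random DLL/EXE names in system32 carrying the system+hidden attributes (`--sha-w-`), a BHO and a Run value (`dofufozuv`) loading one of them, SSODL/SharedTaskScheduler orphans pointing at the same DLL, an executable inside an all-digit Application Data folder, and the Security Center `AntiVirusOverride`/`FirewallOverride` values set to 1. The script below is an added example, not ComboFix's, Malwarebytes' or any vendor's code: it triages a ComboFix-style log for those indicator types and ties each flagged file back to the registry entry that loads it. The sample lines are copied from the log in this post (tabs replaced by spaces); the consonant/vowel name heuristic and the all-digit-folder rule are assumptions chosen to fit what this log shows, not a published signature, so treat hits as leads to verify rather than verdicts.

```python
# Added example: triage a ComboFix-style log for the indicator types seen in
# the thread. Heuristics are assumptions fitted to this log, not vendor logic.
import re

VOWELS = set("aeiou")

# A file-listing line ends with "<attrs> <path>". attrs is an 8-character field
# such as ----a-w- or --sha-w-: index 0 = directory, 2 = system, 3 = hidden.
# Tabs (as in the real log) and runs of spaces are both accepted.
LISTING = re.compile(r"\s([d-][a-z-]{7})\s+([a-zA-Z]:\\.+?)\s*$")
# Any drive-letter path embedded in a registry value, orphan entry, etc.
PATH = re.compile(r'[a-zA-Z]:\\[^"\[\]]+')
OVERRIDE = re.compile(r'^"(AntiVirusOverride|FirewallOverride)"=dword:0*1$')

# Constructed sample: lines copied from the ComboFix log in the post above.
SAMPLE_LOG = r"""
c:\documents and settings\All Users\Application Data\66854837\66854837.exe
c:\windows\system32\kirenalo.dll
2009-08-28 12:31 . 2008-05-07 03:15    11952    ----a-w-    c:\windows\system32\avgrsstx.dll
2009-07-09 16:53 . 2009-07-09 16:53    1011298  --sha-w-    c:\windows\SYSTEM32\durifesu.exe
2009-07-14 16:50 . 2009-07-14 16:50    52224    --sha-w-    c:\windows\SYSTEM32\juteruno.dll
2009-07-26 20:44 . 2009-07-26 20:44    48448    ----a-w-    c:\windows\system32\sirenacm.dll
2009-10-14 23:15 . 2009-10-14 23:15    --------    d-sh--w-    c:\documents and settings\PauL\IECompatCache
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9c43eb95-bb3f-438e-95fc-9622b2c35b6b}]
2009-07-14 16:50    52224    --sha-w-    c:\windows\SYSTEM32\juteruno.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-10 2023704]
"dofufozuv"="c:\windows\system32\kirenalo.dll" [BU]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
HKLM-Run-66854837 - c:\docume~1\ALLUSE~1\APPLIC~1\66854837\66854837.exe
SSODL-lifewivaf-{529a4389-717d-474a-90ad-32162927b906} - c:\windows\system32\kirenalo.dll
"""


def looks_generated(stem: str) -> bool:
    """Heuristic (assumption): 8 lowercase letters strictly alternating
    consonant/vowel, consonant first (durifesu, juteruno, kirenalo ...)."""
    if len(stem) != 8 or not stem.isalpha() or not stem.islower():
        return False
    return all((ch in VOWELS) == (i % 2 == 1) for i, ch in enumerate(stem))


def classify(path: str, attrs: str = "") -> list:
    """Return the reasons a path looks suspicious (empty list = nothing noted)."""
    parts = path.lower().rstrip("\\").split("\\")
    name, parent = parts[-1], (parts[-2] if len(parts) > 1 else "")
    stem, dot, ext = name.rpartition(".")
    if not dot:
        stem, ext = name, ""
    reasons = []
    if parent == "system32":
        if attrs and attrs[0] != "d" and attrs[2:4] == "sh":
            reasons.append("system+hidden file under system32")
        if ext in ("exe", "dll") and looks_generated(stem):
            reasons.append("generated-looking 8-letter name under system32")
    if ext in ("exe", "dll") and parent.isdigit() and len(parent) >= 6:
        reasons.append("executable inside an all-digit folder")
    return reasons


def triage(log_text: str) -> dict:
    """Return flagged files, the autostart entries that reference them, and
    Security Center override values found in a ComboFix-style log."""
    report = {"files": {}, "persistence": [], "overrides": []}
    lines = [ln.strip() for ln in log_text.splitlines() if ln.strip()]

    # Pass 1: flag files from attribute listings and bare-path lines.
    for line in lines:
        m = LISTING.search(line)
        if m:
            attrs, path = m.group(1), m.group(2)
        elif PATH.fullmatch(line):
            attrs, path = "", line
        else:
            continue
        reasons = classify(path, attrs)
        if reasons:
            name = path.lower().rsplit("\\", 1)[-1]
            entry = report["files"].setdefault(name, {"path": path, "reasons": []})
            entry["reasons"] += [r for r in reasons if r not in entry["reasons"]]

    # Pass 2: tie flagged names back to the registry keys/values that load them.
    current_key = ""
    for line in lines:
        if line.startswith("((("):          # section banner: key context ends
            current_key = ""
        elif line.startswith("[HK"):
            current_key = line
        elif OVERRIDE.match(line):
            report["overrides"].append(line)
        else:
            hits = [n for n in report["files"] if n in line.lower()]
            if not hits or PATH.fullmatch(line):
                continue
            if LISTING.search(line):
                if current_key:              # e.g. the DLL listed under a BHO key
                    report["persistence"].append((current_key, hits[0]))
            else:                            # Run values, orphans, SSODL entries
                label = line.split("=")[0].split(" - ")[0].strip().strip('"')
                report["persistence"].append((label, hits[0]))
    return report


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for name, info in result["files"].items():
        print(f"{name}: {'; '.join(info['reasons'])}")
    for where, name in result["persistence"]:
        print(f"persistence: {where} -> {name}")
    print("overrides:", result["overrides"])
```

Run against the full log, `triage` flags the four deleted/orphaned items the post already names (durifesu.exe, juteruno.dll, kirenalo.dll, 66854837.exe) and leaves avgrsstx.dll, sirenacm.dll and the hidden IECompatCache directory alone; the override values are reported separately because a legitimate AV product can also set them, so they are a prompt to confirm, not an indicator on their own.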

#2
Xnamagnam
Retracting need for aid: AVG updates and a ComboFix update seemed to remove the threat enough to allow Malwarebytes to download.
Make sure you have the latest versions.
Now scanning my computer with said Malwarebytes currently.

Thank you.