dreamer
Honorary Members
Posts: 24
Reputation: 0 Neutral
  1. Malwarebytes won't update, and most or all of my AV stuff seems to be infected. I think it is a trojan? I run MB and it says no errors, but stuff keeps popping up. I am even having to use another computer to email this. Someone please help me.
  2. I am trying to help an employee get a PC uninfected. I could not download and run Malwarebytes from his computer. I was able to copy a setup file from my computer and move it to his, and it allowed me to load the software but NOT run an update. The first time I ran it, there were a lot of infections. Several Trojans. I deleted them all. Ran it again but it does not show any infections. BUT MS Security will pop up an infected file screen every now and then. MB will still not allow me to update the version. And AVG errors too. Half the Malwarebytes forum will not work, so I am having to post this from my computer. Can someone help me with next steps?
  3. Done. Thanks. Any clue on how I got this? I don't remember doing anything different than I usually do, nor was I opening files when it started. I had hardly even used it the day it started.
  4. Done. Thanks. Any clue as to how I got this? I don't remember opening or doing anything different.
  5. I don't see a folder or file of that name. I don't see a folder \Local Settings\ in Administrator. ??? Everything seems to be OK since the Malwarebytes run.
  6. ComboFix 10-05-08.03 - Administrator 05/09/2010 15:48:33.4.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2550.1941 [GMT -4:00] Running from: c:\documents and settings\Administrator\Desktop\Combo-Fix.exe Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} . ((((((((((((((((((((((((( Files Created from 2010-04-09 to 2010-05-09 ))))))))))))))))))))))))))))))) . 2010-05-09 18:32 . 2010-05-09 18:43 -------- d-----w- C:\Combo-Fix18610C 2010-05-09 17:12 . 2010-05-09 17:29 -------- d-----w- C:\Combo-Fix 2010-05-09 15:47 . 2010-04-29 16:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-05-07 23:18 . 2010-05-09 16:25 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\etyfivgrf 2010-04-27 00:38 . 2010-04-27 00:38 50354 ----a-w- c:\documents and settings\Administrator\Application Data\Facebook\uninstall.exe 2010-04-27 00:38 . 2010-04-27 00:38 -------- d-----w- c:\documents and settings\Administrator\Application Data\Facebook 2010-04-20 17:30 . 2010-04-20 17:30 242696 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys 2010-04-20 17:27 . 2010-04-20 17:27 1689952 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll 2010-04-10 00:53 . 2010-04-10 00:53 98920 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-05-09 19:05 . 2009-12-14 02:29 -------- d-----w- c:\documents and settings\Administrator\Application Data\HPAppData 2010-04-28 13:32 . 2009-07-15 15:18 -------- d-----w- c:\documents and settings\Administrator\Application Data\U3 2010-04-27 13:22 . 
2009-07-15 15:20 3164 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2007\qbbackup.sys 2010-04-24 22:53 . 2010-04-06 13:42 -------- d-----w- c:\documents and settings\LocalService\Application Data\HPAppData 2010-04-22 23:09 . 2009-12-09 04:56 0 ----a-w- c:\windows\system32\drivers\FUJITSU_AE5AJ3A323450000_WXPTPC.MKR 2010-04-20 17:29 . 2010-02-11 00:34 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2010-04-14 18:50 . 2006-05-17 19:59 -------- d-----w- c:\program files\Google 2010-04-14 07:07 . 2009-07-15 16:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2010-03-18 14:55 . 2010-03-18 14:55 207056 ----a-w- c:\documents and settings\All Users\Application Data\tmp22E.tmp 2010-03-16 18:48 . 2010-03-16 18:48 12464 ----a-w- c:\windows\system32\avgrsstx.dll 2010-03-16 18:48 . 2010-02-11 00:33 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2010-03-16 18:47 . 2010-02-11 00:33 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2010-03-11 12:38 . 2006-05-17 11:55 832512 ----a-w- c:\windows\system32\wininet.dll 2010-03-11 12:38 . 2006-05-17 11:54 78336 ----a-w- c:\windows\system32\ieencode.dll 2010-03-11 12:38 . 2006-05-17 11:54 17408 ------w- c:\windows\system32\corpol.dll 2010-03-09 11:09 . 2006-05-17 11:55 430080 ----a-w- c:\windows\system32\vbscript.dll 2010-03-06 05:30 . 2010-03-06 05:30 847040 ----a-w- c:\documents and settings\Administrator\Application Data\Facebook\axfbootloader.dll 2010-03-06 05:30 . 2010-03-06 05:30 5582848 ----a-w- c:\documents and settings\Administrator\Application Data\Facebook\npfbplugin_1_0_3.dll 2010-02-24 13:11 . 2006-05-17 11:54 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2010-02-16 14:08 . 2004-08-03 23:18 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-02-16 13:25 . 2004-08-03 22:59 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-02-15 20:47 . 
2010-02-15 20:47 103449 ----a-w- c:\documents and settings\All Users\Application Data\tmp530.tmp 2010-02-15 00:52 . 2010-02-14 23:58 156075 ----a-w- c:\windows\hpwins12.dat 2010-02-12 04:33 . 2006-05-17 11:54 100864 ----a-w- c:\windows\system32\6to4svc.dll 2010-02-11 12:02 . 2006-05-17 11:55 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys 2001-12-03 21:09 . 2009-09-18 21:02 90112 ----a-w- c:\program files\internet explorer\plugins\DjVuControl.dll . (((((((((((((((((((((((((((((((((((((((((((( Look ))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . ---- Directory of c:\documents and settings\Administrator\Local Settings\Application Data\etyfivgrf ---- ((((((((((((((((((((((((((((( SnapShot@2010-05-09_17.25.18 ))))))))))))))))))))))))))))))))))))))))) . + 2010-05-09 19:45 . 2010-05-09 19:45 16384 c:\windows\Temp\Perflib_Perfdata_b88.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216] "Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-16 39408] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152] "AGRSMMSG"="AGRSMMSG.exe" [2006-01-17 88365] "FjStrtAp"="c:\program files\Fujitsu\Utils\FjStrtAp.exe" [2006-03-31 20480] "FJUPDNV_Chitose"="c:\program files\Fujitsu\fjdvrupd\fjdvrupd.exe" [2005-11-19 303104] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-10-26 30192] "Google Quick Search 
Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-07-16 122368] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-17 166424] "IndicatorUtility"="c:\program files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2005-09-10 81920] "KADxMain"="c:\windows\system32\KADxMain.exe" [2006-04-05 270336] "LoadBtnHnd"="c:\program files\Fujitsu\BtnHnd\BtnHnd.exe" [2003-08-21 61440] "LoadFUJ02E3"="c:\program files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2006-01-28 73728] "Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-17 137752] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-11 149280] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-31 761946] "TabletTip"="c:\program files\Common Files\microsoft shared\ink\tabtip.exe" [2008-04-14 271872] "TabletWizard"="c:\windows\help\SplshWrp.exe" [2008-04-14 16384] "YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2010-03-16 18:48 12464 ----a-w- c:\windows\system32\avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loginkey] 2008-04-14 00:11 47104 ----a-w- c:\program files\Common Files\Microsoft Shared\Ink\loginkey.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TabBtnWL] 2002-08-29 10:41 11776 ----a-w- c:\windows\system32\tabbtnwl.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpgwlnotify] 2008-04-14 00:12 32256 ----a-w- c:\windows\system32\tpgwlnot.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Intuit\\QuickBooks 
2007\\QBDBMgrN.exe"= "c:\\WINDOWS\\system32\\msiexec.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\Nitro PDF\\PrimoPDF\\PrimoPDF.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\Fujitsu\\Utils\\FjMnuIco.exe"= "c:\\Program Files\\Fujitsu\\BtnHnd\\BtnHnd.exe"= "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"= R0 FJGPNV;FJGPNV;c:\windows\system32\drivers\FJGPNV.SYS [5/17/2006 3:56 PM 10496] R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2/21/2006 6:05 PM 36352] R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [9/23/2005 10:48 AM 28544] R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/10/2010 8:33 PM 216200] R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/10/2010 8:34 PM 242896] R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/16/2010 2:48 PM 308064] R3 Fjbtndrv;Fujitsu Button Driver;c:\windows\system32\drivers\FjBtnDrv.sys [5/17/2006 3:56 PM 17920] R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\fuj02e3.sys [5/17/2006 3:39 PM 4864] R3 hidpen;Wacom Serial Pen HID MiniDriver;c:\windows\system32\drivers\hidpen.sys [5/17/2006 3:39 PM 31104] S2 gupdate1ca0cb5d637f1e;Google Update Service (gupdate1ca0cb5d637f1e);c:\program 
files\Google\Update\GoogleUpdate.exe [7/24/2009 7:18 PM 133104] S3 ADVNTDRV;ADVNTDRV;c:\windows\system32\drivers\ADVNTDRV.SYS [11/18/1999 8:20 PM 3872] S3 FUJ02E1;%FUJ02E1.DeviceDesc%;c:\windows\system32\drivers\FUJ02E1.sys [5/17/2006 3:39 PM 5632] S3 GoogleDesktopManager-093009-130223;Google Desktop Manager 5.9.909.30391;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [7/15/2009 10:28 AM 30192] S3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [5/17/2006 3:39 PM 35968] S3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\drivers\wacompen.sys [5/17/2006 8:31 AM 14208] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc HPService REG_MULTI_SZ HPSLPSVC . Contents of the 'Scheduled Tasks' folder 2010-05-09 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-16 23:05] 2010-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-24 23:18] 2010-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-24 23:18] . . ------- Supplementary Scan ------- . uStart Page = about:blank uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html Trusted Zone: intuit.com\ttlc Trusted Zone: isqft.com Trusted Zone: isqft.com\www Trusted Zone: isqft.com\www . 
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-09 15:53
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2896)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\program files\windows journal\nbmaptip.dll
c:\windows\IME\SPGRMR.DLL
.
Completion time: 2010-05-09 15:54:59
ComboFix-quarantined-files.txt 2010-05-09 19:54
ComboFix2.txt 2010-05-09 18:43
ComboFix3.txt 2010-05-09 17:29
Pre-Run: 13,815,136,256 bytes free
Post-Run: 13,781,733,376 bytes free
- - End Of File - - BF90E58C9F81881EC0D5E9D14E156A8A
===
Antivirus             Version          Last Update   Result
a-squared             4.5.0.50         2010.05.09    -
AhnLab-V3             2010.05.09.00    2010.05.08    -
AntiVir               8.2.1.236        2010.05.07    -
Antiy-AVL             2.0.3.7          2010.05.07    -
Authentium            5.2.0.5          2010.05.09    -
Avast                 4.8.1351.0       2010.05.09    -
Avast5                5.0.332.0        2010.05.09    -
AVG                   9.0.0.787        2010.05.09    -
BitDefender           7.2              2010.05.09    -
CAT-QuickHeal         10.00            2010.05.08    -
ClamAV                0.96.0.3-git     2010.05.09    -
Comodo                4800             2010.05.09    -
DrWeb                 5.0.2.03300      2010.05.09    -
eSafe                 7.0.17.0         2010.05.09    -
eTrust-Vet            None             2010.05.07    -
F-Prot                4.5.1.85         2010.05.09    -
F-Secure              9.0.15370.0      2010.05.09    -
Fortinet              4.1.133.0        2010.05.09    -
GData                 21               2010.05.09    -
Ikarus                T3.1.1.84.0      2010.05.09    -
Jiangmin              13.0.900         2010.05.09    -
Kaspersky             7.0.0.125        2010.05.09    -
McAfee                5.400.0.1158     2010.05.09    -
McAfee-GW-Edition     2010.1           2010.05.09    -
Microsoft             1.5703           2010.05.09    -
NOD32                 5098             2010.05.09    -
Norman                6.04.12          2010.05.09    -
nProtect              2010-05-09.01    2010.05.09    -
Panda                 10.0.2.7         2010.05.09    -
PCTools               7.0.3.5          2010.05.07    -
Prevx                 3.0              2010.05.09    -
Rising                22.46.06.04      2010.05.09    -
Sophos                4.53.0           2010.05.09    -
Sunbelt               6282             2010.05.09    -
Symantec              20091.2.0.41     2010.05.09    -
TheHacker             6.5.2.0.277      2010.05.09    -
TrendMicro            9.120.0.1004     2010.05.09    -
TrendMicro-HouseCall  9.120.0.1004     2010.05.09    -
VBA32                 3.12.12.4        2010.05.06    -
ViRobot               2010.5.8.2306    2010.05.08    -
VirusBuster           5.0.27.0         2010.05.09    -
Additional information
File size: 207056 bytes
MD5...: aabf83058030d6cc6c12d43418c33c86
SHA1..: 645f4e23532136f28e4880149ea55e90770837f0
SHA256: 7162605f36e71caabf4a1d765e2a193dd25546b9cf1157805e68c0e94f74db13
ssdeep: 3072:YW/koiDeUJOFIXBKZ2rR9GxIoFzZxoFftz+YKXidb3e+yIHkADvUhRJpeRc:YW8oWJweBDR9GxIet6ZEYMidb3jjhUhZ
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set -
trid..: Adobe Portable Document Format (100.0%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
pdfid.:
PDF Header: %PDF-1.3
obj 36
endobj 36
stream 10
endstream 9
xref 1
trailer 1
startxref 1
/Page 2
/Encrypt 0
/ObjStm 0
/JS 0
/JavaScript 0
/AA 0
/OpenAction 0
/AcroForm 0
/JBIG2Decode 0
/RichMedia 0
/Launch 0
/Colors > 2^24 0
  7. ComboFix 10-05-08.03 - Administrator 05/09/2010 14:33:51.2.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2550.1746 [GMT -4:00] Running from: c:\documents and settings\Administrator\Desktop\Combo-Fix.exe Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} file zipped: d:\setupsnk.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . d:\setupsnk.exe . ((((((((((((((((((((((((( Files Created from 2010-04-09 to 2010-05-09 ))))))))))))))))))))))))))))))) . 2010-05-09 17:12 . 2010-05-09 17:29 -------- d-----w- C:\Combo-Fix 2010-05-09 15:47 . 2010-04-29 16:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-05-07 23:18 . 2010-05-09 16:25 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\etyfivgrf 2010-04-27 00:38 . 2010-04-27 00:38 50354 ----a-w- c:\documents and settings\Administrator\Application Data\Facebook\uninstall.exe 2010-04-27 00:38 . 2010-04-27 00:38 -------- d-----w- c:\documents and settings\Administrator\Application Data\Facebook 2010-04-20 17:30 . 2010-04-20 17:30 242696 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys 2010-04-20 17:27 . 2010-04-20 17:27 1689952 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll 2010-04-10 00:53 . 2010-04-10 00:53 98920 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-05-09 17:09 . 2009-12-14 02:29 -------- d-----w- c:\documents and settings\Administrator\Application Data\HPAppData 2010-04-28 13:32 . 
2009-07-15 15:18 -------- d-----w- c:\documents and settings\Administrator\Application Data\U3 2010-04-27 13:22 . 2009-07-15 15:20 3164 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2007\qbbackup.sys 2010-04-24 22:53 . 2010-04-06 13:42 -------- d-----w- c:\documents and settings\LocalService\Application Data\HPAppData 2010-04-22 23:09 . 2009-12-09 04:56 0 ----a-w- c:\windows\system32\drivers\FUJITSU_AE5AJ3A323450000_WXPTPC.MKR 2010-04-20 17:29 . 2010-02-11 00:34 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2010-04-14 18:50 . 2006-05-17 19:59 -------- d-----w- c:\program files\Google 2010-04-14 07:07 . 2009-07-15 16:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2010-03-18 14:55 . 2010-03-18 14:55 207056 ----a-w- c:\documents and settings\All Users\Application Data\tmp22E.tmp 2010-03-16 18:48 . 2010-03-16 18:48 12464 ----a-w- c:\windows\system32\avgrsstx.dll 2010-03-16 18:48 . 2010-02-11 00:33 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2010-03-16 18:47 . 2010-02-11 00:33 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2010-03-11 12:38 . 2006-05-17 11:55 832512 ----a-w- c:\windows\system32\wininet.dll 2010-03-11 12:38 . 2006-05-17 11:54 78336 ----a-w- c:\windows\system32\ieencode.dll 2010-03-11 12:38 . 2006-05-17 11:54 17408 ------w- c:\windows\system32\corpol.dll 2010-03-09 11:09 . 2006-05-17 11:55 430080 ----a-w- c:\windows\system32\vbscript.dll 2010-03-06 05:30 . 2010-03-06 05:30 847040 ----a-w- c:\documents and settings\Administrator\Application Data\Facebook\axfbootloader.dll 2010-03-06 05:30 . 2010-03-06 05:30 5582848 ----a-w- c:\documents and settings\Administrator\Application Data\Facebook\npfbplugin_1_0_3.dll 2010-02-24 13:11 . 2006-05-17 11:54 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2010-02-16 14:08 . 2004-08-03 23:18 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-02-16 13:25 . 
2004-08-03 22:59 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-02-15 20:47 . 2010-02-15 20:47 103449 ----a-w- c:\documents and settings\All Users\Application Data\tmp530.tmp 2010-02-15 00:52 . 2010-02-14 23:58 156075 ----a-w- c:\windows\hpwins12.dat 2010-02-12 04:33 . 2006-05-17 11:54 100864 ----a-w- c:\windows\system32\6to4svc.dll 2010-02-11 12:02 . 2006-05-17 11:55 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys 2001-12-03 21:09 . 2009-09-18 21:02 90112 ----a-w- c:\program files\internet explorer\plugins\DjVuControl.dll . ((((((((((((((((((((((((((((( SnapShot@2010-05-09_17.25.18 ))))))))))))))))))))))))))))))))))))))))) . + 2010-05-09 18:38 . 2010-05-09 18:38 16384 c:\windows\Temp\Perflib_Perfdata_ba8.dat + 2010-05-09 18:38 . 2010-05-09 18:38 16384 c:\windows\Temp\Perflib_Perfdata_928.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216] "Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-16 39408] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152] "AGRSMMSG"="AGRSMMSG.exe" [2006-01-17 88365] "FjStrtAp"="c:\program files\Fujitsu\Utils\FjStrtAp.exe" [2006-03-31 20480] "FJUPDNV_Chitose"="c:\program files\Fujitsu\fjdvrupd\fjdvrupd.exe" [2005-11-19 303104] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-10-26 30192] "Google Quick Search Box"="c:\program files\Google\Quick Search 
Box\GoogleQuickSearchBox.exe" [2009-07-16 122368] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-17 166424] "IndicatorUtility"="c:\program files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2005-09-10 81920] "KADxMain"="c:\windows\system32\KADxMain.exe" [2006-04-05 270336] "LoadBtnHnd"="c:\program files\Fujitsu\BtnHnd\BtnHnd.exe" [2003-08-21 61440] "LoadFUJ02E3"="c:\program files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2006-01-28 73728] "Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-17 137752] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-11 149280] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-31 761946] "TabletTip"="c:\program files\Common Files\microsoft shared\ink\tabtip.exe" [2008-04-14 271872] "TabletWizard"="c:\windows\help\SplshWrp.exe" [2008-04-14 16384] "YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2010-03-16 18:48 12464 ----a-w- c:\windows\system32\avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loginkey] 2008-04-14 00:11 47104 ----a-w- c:\program files\Common Files\Microsoft Shared\Ink\loginkey.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TabBtnWL] 2002-08-29 10:41 11776 ----a-w- c:\windows\system32\tabbtnwl.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpgwlnotify] 2008-04-14 00:12 32256 ----a-w- c:\windows\system32\tpgwlnot.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"= 
"c:\\WINDOWS\\system32\\msiexec.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\Nitro PDF\\PrimoPDF\\PrimoPDF.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\Fujitsu\\Utils\\FjMnuIco.exe"= "c:\\Program Files\\Fujitsu\\BtnHnd\\BtnHnd.exe"= "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"= R0 FJGPNV;FJGPNV;c:\windows\system32\drivers\FJGPNV.SYS [5/17/2006 3:56 PM 10496] R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2/21/2006 6:05 PM 36352] R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [9/23/2005 10:48 AM 28544] R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/10/2010 8:33 PM 216200] R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/10/2010 8:34 PM 242896] R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/16/2010 2:48 PM 308064] R3 Fjbtndrv;Fujitsu Button Driver;c:\windows\system32\drivers\FjBtnDrv.sys [5/17/2006 3:56 PM 17920] R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\fuj02e3.sys [5/17/2006 3:39 PM 4864] R3 hidpen;Wacom Serial Pen HID MiniDriver;c:\windows\system32\drivers\hidpen.sys [5/17/2006 3:39 PM 31104] S2 gupdate1ca0cb5d637f1e;Google Update Service (gupdate1ca0cb5d637f1e);c:\program files\Google\Update\GoogleUpdate.exe 
[7/24/2009 7:18 PM 133104] S3 ADVNTDRV;ADVNTDRV;c:\windows\system32\drivers\ADVNTDRV.SYS [11/18/1999 8:20 PM 3872] S3 FUJ02E1;%FUJ02E1.DeviceDesc%;c:\windows\system32\drivers\FUJ02E1.sys [5/17/2006 3:39 PM 5632] S3 GoogleDesktopManager-093009-130223;Google Desktop Manager 5.9.909.30391;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [7/15/2009 10:28 AM 30192] S3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [5/17/2006 3:39 PM 35968] S3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\drivers\wacompen.sys [5/17/2006 8:31 AM 14208] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc HPService REG_MULTI_SZ HPSLPSVC . Contents of the 'Scheduled Tasks' folder 2010-05-09 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-16 23:05] 2010-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-24 23:18] 2010-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-24 23:18] . . ------- Supplementary Scan ------- . uStart Page = about:blank uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html Trusted Zone: intuit.com\ttlc Trusted Zone: isqft.com Trusted Zone: isqft.com\www Trusted Zone: isqft.com\www . 
************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-05-09 14:40 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(2688) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\program files\windows journal\nbmaptip.dll c:\windows\IME\SPGRMR.DLL . ------------------------ Other Running Processes ------------------------ . c:\program files\AVG\AVG9\avgchsvx.exe c:\program files\AVG\AVG9\avgrsx.exe c:\program files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe c:\windows\System32\SCardSvr.exe c:\program files\AVG\AVG9\avgcsrvx.exe c:\windows\SYSTEM32\WISPTIS.EXE c:\windows\System32\tabbtnu.exe c:\program files\Google\Update\1.2.183.23\GoogleCrashHandler.exe c:\windows\System32\digtizer.exe c:\windows\system32\igfxext.exe c:\windows\system32\igfxsrvc.exe c:\program files\AVG\AVG9\avgnsx.exe c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\lotus\notes\ntmulti.exe c:\windows\system32\o2flash.exe c:\program files\Common Files\Microsoft Shared\Ink\TCServer.exe c:\windows\system32\wdfmgr.exe c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe c:\windows\system32\wscntfy.exe c:\windows\AGRSMMSG.exe c:\windows\system32\igfxsrvc.exe c:\program files\Fujitsu\Utils\FjDspMon.exe c:\program files\Fujitsu\Utils\fjevents.exe c:\windows\system32\igfxext.exe c:\program files\Yahoo!\Messenger\ymsgr_tray.exe . ************************************************************************** . 
Completion time: 2010-05-09 14:43:33 - machine was rebooted ComboFix-quarantined-files.txt 2010-05-09 18:43 ComboFix2.txt 2010-05-09 17:29 Pre-Run: 13,847,633,920 bytes free Post-Run: 13,813,817,344 bytes free - - End Of File - - E2330FB0497754AB7EE6F49CDC0A9E4D
  8. ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/05/09 14:07
Program Version: Version 1.3.5.0
Windows Version: Windows XP Tablet PC Edition SP3
==================================================

Drivers
-------------------
Name: catchme.sys
Image Path: C:\Combo-Fix\catchme.sys
Address: 0xBA458000 Size: 31744 File Visible: No Signed: -
Status: -

Name: Combo-Fix.sys
Image Path: Combo-Fix.sys
Address: 0xBA118000 Size: 60416 File Visible: No Signed: -
Status: -

Name: dump_iaStor.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_iaStor.sys
Address: 0x98761000 Size: 876544 File Visible: No Signed: -
Status: -

Name: mbr.sys
Image Path: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mbr.sys
Address: 0xBA430000 Size: 20864 File Visible: No Signed: -
Status: -

Name: PROCEXP113.SYS
Image Path: C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
Address: 0xBA62C000 Size: 7872 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0x97B36000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\WINDOWS\Temp\HPSLPS001.log
Status: Locked to the Windows API!

Path: d:\setupsnk.exe
Status: Size mismatch (API: 28672, Raw: 1049901663130775552)

Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}
Status: Invisible to the Windows API!

Path: D:\System Volume Information\_restore{8152C0C8-324C-4987-80CA-A441BE6B69A5}
Status: Visible to the Windows API, but not on disk.

Path: \\?\D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\*
Status: Could not enumerate files with the Windows API (0x00000003)!

Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP243
Status: Invisible to the Windows API!

Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP244
Status: Invisible to the Windows API!

Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP246
Status: Invisible to the Windows API!

Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP249
Status: Invisible to the Windows API!

Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP255
Status: Invisible to the Windows API!

Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP263
Status: Invisible to the Windows API!

Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP264
Status: Invisible to the Windows API!

Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP266
Status: Invisible to the Windows API!

Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP271
Status: Invisible to the Windows API!

Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP278
Status: Invisible to the Windows API!

Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP283
Status: Invisible to the Windows API!

Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP289
Status: Invisible to the Windows API!

Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP291
Status: Invisible to the Windows API!

Path: \\?\D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP243\*
Status: Could not enumerate files with the Windows API (0x00000003)!

Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP243\change.log.1
Status: Invisible to the Windows API!

Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP243\RestorePointSize
Status: Invisible to the Windows API!

Path: \\?\D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP244\*
Status: Could not enumerate files with the Windows API (0x00000003)!

Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP244\change.log.1
Status: Invisible to the Windows API!

Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP244\RestorePointSize
Status: Invisible to the Windows API!

Path: \\?\D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP246\*
Status: Could not enumerate files with the Windows API (0x00000003)!

Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP246\change.log.1
Status: Invisible to the Windows API!

Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP246\RestorePointSize
Status: Invisible to the Windows API!

Path: \\?\D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP249\*
Status: Could not enumerate files with the Windows API (0x00000003)!

Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP249\change.log.1
Status: Invisible to the Windows API!

Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP249\RestorePointSize
Status: Invisible to the Windows API!

Path: \\?\D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP255\*
Status: Could not enumerate files with the Windows API (0x00000003)!

Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP255\change.log.1
Status: Invisible to the Windows API!

Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP255\RestorePointSize
Status: Invisible to the Windows API!

Path: \\?\D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP263\*
Status: Could not enumerate files with the Windows API (0x00000003)!

Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP263\change.log.1
Status: Invisible to the Windows API!

Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP263\RestorePointSize
Status: Invisible to the Windows API!

Path: \\?\D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP264\*
Status: Could not enumerate files with the Windows API (0x00000003)!

Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP264\change.log.1
Status: Invisible to the Windows API!

Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP264\RestorePointSize
Status: Invisible to the Windows API!

Path: \\?\D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP266\*
Status: Could not enumerate files with the Windows API (0x00000003)!

Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP266\change.log.1
Status: Invisible to the Windows API!

Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP266\RestorePointSize
Status: Invisible to the Windows API!

Path: \\?\D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP271\*
Status: Could not enumerate files with the Windows API (0x00000003)!

Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP271\change.log.1
Status: Invisible to the Windows API!

Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP271\change.log.2
Status: Invisible to the Windows API!

Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP271\RestorePointSize
Status: Invisible to the Windows API!

Path: \\?\D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP278\*
Status: Could not enumerate files with the Windows API (0x00000003)!

Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP278\change.log.1
Status: Invisible to the Windows API!

Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP278\RestorePointSize
Status: Invisible to the Windows API!

Path: \\?\D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP283\*
Status: Could not enumerate files with the Windows API (0x00000003)!

Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP283\change.log.1
Status: Invisible to the Windows API!

Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP283\RestorePointSize
Status: Invisible to the Windows API!

Path: \\?\D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP289\*
Status: Could not enumerate files with the Windows API (0x00000003)!

Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP289\change.log.1
Status: Invisible to the Windows API!

Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP289\RestorePointSize
Status: Invisible to the Windows API!

Path: \\?\D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP291\*
Status: Could not enumerate files with the Windows API (0x00000003)!

Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP291\A0106980.ini
Status: Invisible to the Windows API!

Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP291\A0106994.ini
Status: Invisible to the Windows API!

Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP291\A0106996.INF
Status: Invisible to the Windows API!

Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP291\change.log
Status: Invisible to the Windows API!

Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP291\change.log.1
Status: Invisible to the Windows API!

Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP291\RestorePointSize
Status: Invisible to the Windows API!

==EOF==
  9. ComboFix 10-05-08.02 - Administrator 05/09/2010 13:17:57.1.2
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2550.1806 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
 * Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\AbaleZip.dll
c:\windows\Tasks.\nfowedgj.job
c:\windows\Temp\tmp3.tmp
D:\Autorun.inf

c:\windows\Tasks.\nfowedgj.job . . . . failed to delete
.
((((((((((((((((((((((((( Files Created from 2010-04-09 to 2010-05-09 )))))))))))))))))))))))))))))))
.
2010-05-09 15:47 . 2010-04-29 16:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-07 23:18 . 2010-05-09 16:25 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\etyfivgrf
2010-04-27 00:38 . 2010-04-27 00:38 50354 ----a-w- c:\documents and settings\Administrator\Application Data\Facebook\uninstall.exe
2010-04-27 00:38 . 2010-04-27 00:38 -------- d-----w- c:\documents and settings\Administrator\Application Data\Facebook
2010-04-20 17:30 . 2010-04-20 17:30 242696 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-04-20 17:27 . 2010-04-20 17:27 1689952 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-04-10 00:53 . 2010-04-10 00:53 98920 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-09 17:09 . 2009-12-14 02:29 -------- d-----w- c:\documents and settings\Administrator\Application Data\HPAppData
2010-04-28 13:32 . 2009-07-15 15:18 -------- d-----w- c:\documents and settings\Administrator\Application Data\U3
2010-04-27 13:22 . 2009-07-15 15:20 3164 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2007\qbbackup.sys
2010-04-24 22:53 . 2010-04-06 13:42 -------- d-----w- c:\documents and settings\LocalService\Application Data\HPAppData
2010-04-22 23:09 . 2009-12-09 04:56 0 ----a-w- c:\windows\system32\drivers\FUJITSU_AE5AJ3A323450000_WXPTPC.MKR
2010-04-20 17:29 . 2010-02-11 00:34 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-14 18:50 . 2006-05-17 19:59 -------- d-----w- c:\program files\Google
2010-04-14 07:07 . 2009-07-15 16:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-18 14:55 . 2010-03-18 14:55 207056 ----a-w- c:\documents and settings\All Users\Application Data\tmp22E.tmp
2010-03-16 18:48 . 2010-03-16 18:48 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-16 18:48 . 2010-02-11 00:33 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-16 18:47 . 2010-02-11 00:33 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-11 12:38 . 2006-05-17 11:55 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2006-05-17 11:54 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2006-05-17 11:54 17408 ------w- c:\windows\system32\corpol.dll
2010-03-09 11:09 . 2006-05-17 11:55 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-06 05:30 . 2010-03-06 05:30 847040 ----a-w- c:\documents and settings\Administrator\Application Data\Facebook\axfbootloader.dll
2010-03-06 05:30 . 2010-03-06 05:30 5582848 ----a-w- c:\documents and settings\Administrator\Application Data\Facebook\npfbplugin_1_0_3.dll
2010-02-24 13:11 . 2006-05-17 11:54 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 14:08 . 2004-08-03 23:18 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-03 22:59 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-15 20:47 . 2010-02-15 20:47 103449 ----a-w- c:\documents and settings\All Users\Application Data\tmp530.tmp
2010-02-15 00:52 . 2010-02-14 23:58 156075 ----a-w- c:\windows\hpwins12.dat
2010-02-12 04:33 . 2006-05-17 11:54 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2006-05-17 11:55 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2001-12-03 21:09 . 2009-09-18 21:02 90112 ----a-w- c:\program files\internet explorer\plugins\DjVuControl.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-16 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"AGRSMMSG"="AGRSMMSG.exe" [2006-01-17 88365]
"FjStrtAp"="c:\program files\Fujitsu\Utils\FjStrtAp.exe" [2006-03-31 20480]
"FJUPDNV_Chitose"="c:\program files\Fujitsu\fjdvrupd\fjdvrupd.exe" [2005-11-19 303104]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-10-26 30192]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-07-16 122368]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-17 166424]
"IndicatorUtility"="c:\program files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2005-09-10 81920]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-04-05 270336]
"LoadBtnHnd"="c:\program files\Fujitsu\BtnHnd\BtnHnd.exe" [2003-08-21 61440]
"LoadFUJ02E3"="c:\program files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2006-01-28 73728]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-17 137752]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-11 149280]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-31 761946]
"TabletTip"="c:\program files\Common Files\microsoft shared\ink\tabtip.exe" [2008-04-14 271872]
"TabletWizard"="c:\windows\help\SplshWrp.exe" [2008-04-14 16384]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-16 18:48 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loginkey]
2008-04-14 00:11 47104 ----a-w- c:\program files\Common Files\Microsoft Shared\Ink\loginkey.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TabBtnWL]
2002-08-29 10:41 11776 ----a-w- c:\windows\system32\tabbtnwl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpgwlnotify]
2008-04-14 00:12 32256 ----a-w- c:\windows\system32\tpgwlnot.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Nitro PDF\\PrimoPDF\\PrimoPDF.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\Fujitsu\\Utils\\FjMnuIco.exe"=
"c:\\Program Files\\Fujitsu\\BtnHnd\\BtnHnd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

R0 FJGPNV;FJGPNV;c:\windows\system32\drivers\FJGPNV.SYS [5/17/2006 3:56 PM 10496]
R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2/21/2006 6:05 PM 36352]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [9/23/2005 10:48 AM 28544]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/10/2010 8:33 PM 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/10/2010 8:34 PM 242896]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/16/2010 2:48 PM 308064]
R3 Fjbtndrv;Fujitsu Button Driver;c:\windows\system32\drivers\FjBtnDrv.sys [5/17/2006 3:56 PM 17920]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\fuj02e3.sys [5/17/2006 3:39 PM 4864]
R3 hidpen;Wacom Serial Pen HID MiniDriver;c:\windows\system32\drivers\hidpen.sys [5/17/2006 3:39 PM 31104]
S2 gupdate1ca0cb5d637f1e;Google Update Service (gupdate1ca0cb5d637f1e);c:\program files\Google\Update\GoogleUpdate.exe [7/24/2009 7:18 PM 133104]
S3 ADVNTDRV;ADVNTDRV;c:\windows\system32\drivers\ADVNTDRV.SYS [11/18/1999 8:20 PM 3872]
S3 FUJ02E1;%FUJ02E1.DeviceDesc%;c:\windows\system32\drivers\FUJ02E1.sys [5/17/2006 3:39 PM 5632]
S3 GoogleDesktopManager-093009-130223;Google Desktop Manager 5.9.909.30391;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [7/15/2009 10:28 AM 30192]
S3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [5/17/2006 3:39 PM 35968]
S3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\drivers\wacompen.sys [5/17/2006 8:31 AM 14208]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder

2010-05-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-24 23:18]

2010-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-24 23:18]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
Trusted Zone: intuit.com\ttlc
Trusted Zone: isqft.com
Trusted Zone: isqft.com\www
Trusted Zone: isqft.com\www
.
- - - - ORPHANS REMOVED - - - -

BHO-{41890007-d1c6-405e-be05-335a39c03e6f} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-09 13:26
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2572)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\program files\windows journal\nbmaptip.dll
c:\windows\IME\SPGRMR.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\System32\SCardSvr.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\windows\System32\tabbtnu.exe
c:\windows\System32\digtizer.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\lotus\notes\ntmulti.exe
c:\windows\system32\o2flash.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Microsoft Shared\Ink\TCServer.exe
c:\windows\AGRSMMSG.exe
c:\program files\Fujitsu\Utils\FjDspMon.exe
c:\program files\Fujitsu\Utils\fjevents.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\igfxext.exe
c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2010-05-09 13:29:09 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-09 17:29

Pre-Run: 13,062,860,800 bytes free
Post-Run: 13,849,145,344 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - 71A9A5D9F780D4C21E1AFF33C931BCD6
  10. FYI: when removing files, it said some were not able to be removed.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4083

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

5/9/2010 12:23:37 PM
mbam-log-2010-05-09 (12-23-37).txt

Scan type: Quick scan
Objects scanned: 140613
Time elapsed: 18 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cdmjstiw (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cdmjstiw (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Administrator\Local Settings\Application Data\etyfivgrf\kobmxyltssd.exe (Rogue.AntivirusSuite.Gen) -> Delete on reboot.
  11. 1. Below is the log file from running Malwarebytes. I already had it loaded. The virus would not let me update mbam. Virus would not let me know checker unless I re-booted and quickly started the program. If I waited for the re-boot to finish loading programs, it would [say] "program infected, would you like to load anti-virus software?".
2. It let me run defogger.exe. But it never asked me to re-boot. I rebooted on my own. Ran this several times, same result.
3. Dds.scr would not let me run the program. It asked me what program should run this file type.
4. Gmer program. It would run only if I could start it fast on reboot, as in number 1 above. When it ran, it either would re-boot on its own without finishing (I don't think it finished) or it would hang up and not move/scan a file for an hour or so.
Looking forward to hearing from you on the next step.

Malwarebytes' Anti-Malware 1.44
Database version: 3926
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

5/8/2010 6:52:02 PM
mbam-log-2010-05-08 (18-52-02).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 207656
Time elapsed: 56 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  12. Thank you. I already have it loaded. It won't let me do an update. When I reboot I can run Mbam only if I start the program real fast before, I am assuming, the virus starts running, because if I wait it will not pull up the mbam screen. Once up, though, it will run. I've run it several times and it finds something each time, with the name fraudpack or dropper. If I try to pull up the log it will pull it up real quick, then go away. It will not stay up long enough for me to save it somewhere else. I will try to find it in the file and copy it from there, and try to run some more of the programs in the list you gave. Last time, on my son's computer, I had to download stuff to run on another computer and move it over. Will try to continue with your list until I hear back from you.