weiseak

  1. ComboFix.txt: ComboFix 11-06-01.02 - admin-aweise 06/01/2011 12:19:23.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2003.1154 [GMT -5:00] Running from: c:\documents and settings\admin-aweise\Desktop\ComboFix.exe AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\All Users\Application Data\18341668.exe c:\documents and settings\All Users\Application Data\yqClQMLyEMRydSo.exe c:\documents and settings\bblenkush\Application Data\Adobe\plugs c:\windows\system32\dll . . ((((((((((((((((((((((((( Files Created from 2011-05-01 to 2011-06-01 ))))))))))))))))))))))))))))))) . . 2011-05-28 13:24 . 2011-05-28 13:24 -------- d-----w- c:\documents and settings\All Users\Application Data\DellUCM 2011-05-27 20:42 . 2011-05-27 20:42 388096 ----a-r- c:\documents and settings\admin-aweise\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-05-27 20:42 . 2011-05-27 20:42 -------- d-----w- c:\program files\Trend Micro 2011-05-27 18:14 . 2010-04-07 16:11 121368 ----a-w- c:\windows\system32\DNTUS26.EXE 2011-05-27 15:05 . 2011-05-27 15:05 -------- d-----w- c:\documents and settings\aweise 2011-05-27 15:02 . 2011-05-27 15:02 -------- d-----w- c:\documents and settings\admin-aweise\Application Data\Malwarebytes 2011-05-27 14:56 . 2011-05-27 14:56 -------- d-sh--w- c:\documents and settings\admin-aweise\PrivacIE 2011-05-26 11:50 . 2011-06-01 16:31 596314 ----a-w- c:\windows\system32\PerfStringBackup.TMP 2011-05-26 01:12 . 2011-05-26 01:12 65536 ---ha-w- c:\windows\system32\Spool\prtprocs\w32x86\1291AC.tmp 2011-05-26 01:11 . 2011-05-26 01:11 65536 ---ha-w- c:\windows\system32\Spool\prtprocs\w32x86\1281A9.tmp 2011-05-26 01:11 . 
2011-05-26 01:11 65536 ---ha-w- c:\windows\system32\Spool\prtprocs\w32x86\1271A7.tmp 2011-05-17 11:34 . 2011-05-17 11:34 404640 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-05-26 01:01 . 2010-03-24 17:53 0 ---ha-w- c:\documents and settings\bblenkush\Local Settings\Application Data\WavXMapDrive.bat 2011-03-11 14:10 . 2008-04-25 16:16 471552 ---ha-w- c:\windows\apppatch\aclayers.dll 2011-03-07 22:55 . 2011-03-07 22:54 0 ---ha-w- c:\documents and settings\admin-aweise\Local Settings\Application Data\WavXMapDrive.bat 2011-03-07 05:33 . 2008-04-25 21:27 692736 ---ha-w- c:\windows\system32\inetcomm.dll 2011-03-04 06:37 . 2008-04-25 16:16 420864 ---ha-w- c:\windows\system32\vbscript.dll . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [-] 2011-01-17 . 3F061815A6754C0A1C9BF3D78A14BB54 . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay] @="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}" [HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}] 2009-11-24 21:48 62832 ---ha-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay] @="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}" [HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}] 2009-11-24 21:48 62832 ---ha-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-02-22 200704] "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-17 483420] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-26 134656] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-26 166912] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-26 134656] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-03-12 149280] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904] "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2010-03-12 2498560] "DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-11-02 657920] "DellConnectionManager"="c:\program files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe" [2009-12-22 1845248] "WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2010-01-05 158592] "USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2010-01-06 34232] "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232] "NDPS"="c:\windows\system32\dpmw32.exe" [2004-05-17 32859] "NWTRAY"="NWTRAY.EXE" [2002-03-12 28672] "ZENRC Tray Icon"="c:\windows\system32\zentray.exe" [2005-05-18 40960] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 52840] "vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2007-03-15 125632] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-11 39792] "DameWare MRC Agent"="c:\windows\system32\DWRCST.exe" [2010-04-07 85528] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "CompatibleRUPSecurity"= 1 (0x1) . 
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128] "{763370C4-268E-4308-A60C-D8DA0342BE32}"= "c:\program files\Novell\ZENworks\NalShell.dll" [2006-06-28 446464] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NetIdentity Notification] 2006-05-02 14:17 24576 ---ha-w- c:\windows\system32\novell\xtnotify.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1169991020-773797089-1067380226-1541\Scripts\Logon\0\0] "Script"=MyComputer.vbs . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1169991020-773797089-1067380226-1574\Scripts\Logon\0\0] "Script"=MyComputer.vbs . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\WINDOWS\\system32\\dpmw32.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management . 
R1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver;c:\windows\system32\drivers\dwvkbd.sys [2/15/2007 6:00 AM 26624] R2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [5/15/2009 6:33 PM 1803512] R2 BlankScr;HBDevice;c:\windows\system32\drivers\blankscr.sys [5/23/2005 2:47 PM 6899] R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [11/20/2009 6:42 PM 278304] R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [12/10/2009 2:09 PM 376608] R2 Remote Management Agent;Novell ZENworks Remote Management Agent;c:\program files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe [5/9/2006 10:59 AM 167936] R2 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [3/14/2007 7:48 PM 116416] R2 SMManager;Smith Micro Connection Manager Service;c:\program files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe [12/22/2009 12:23 PM 77312] R2 XTAgent;Novell XTier Agent Services;c:\windows\system32\novell\xtagent.exe [5/2/2006 9:17 AM 61440] R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [3/12/2010 5:11 AM 112512] R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [3/12/2010 5:12 AM 540288] R3 Darpan;Darpan;c:\windows\system32\drivers\Darpan.sys [5/23/2005 2:11 PM 2773] R3 DwMirror;DwMirror;c:\windows\system32\drivers\DamewareMini.sys [2/7/2007 6:00 AM 3712] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/23/2011 8:21 PM 105592] R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [3/12/2010 5:12 AM 109568] R3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [3/12/2010 3:42 AM 232744] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN 
v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384] S3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\NvtSp50.sys --> c:\windows\system32\Drivers\NvtSp50.sys [?] S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [4/25/2008 11:16 AM 14336] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] WINRM REG_MULTI_SZ WINRM HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 . . ------- Supplementary Scan ------- . TCP: DhcpNameServer = 172.16.71.21 172.16.71.237 172.31.0.3 172.16.71.50 DPF: {A00C0AFC-E004-4024-9D25-52952AC99A6A} - hxxps://nav01.bancmidwest.net/nav_nav1151/NAV1251.CAB . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-06-01 12:31 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . . c:\docume~1\ADMIN-~1\LOCALS~1\Temp\catchme.dll 53248 bytes executable . scan completed successfully hidden files: 1 . ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(984) c:\windows\system32\NETWIN32.DLL c:\program files\Novell\ZENworks\ZENPOL32.DLL c:\windows\system32\xmlparse.dll c:\windows\system32\ZenMup.dll . 
- - - - - - - > 'Explorer.exe'(5764) c:\windows\system32\WININET.dll c:\windows\system32\igfxdo.dll c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\MSVCR80.dll c:\program files\Windows Desktop Search\deskbar.dll c:\program files\Windows Desktop Search\en-us\dbres.dll.mui c:\program files\Windows Desktop Search\dbres.dll c:\program files\Windows Desktop Search\wordwheel.dll c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui c:\program files\Windows Desktop Search\msnlExtRes.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll c:\windows\system32\NETWIN32.DLL . ------------------------ Other Running Processes ------------------------ . c:\program files\Common Files\Symantec Shared\ccSetMgr.exe c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe c:\windows\System32\WLTRYSVC.EXE c:\windows\System32\bcmwltry.exe c:\drivers\audio\r213367\stacsv.exe c:\windows\system32\wbem\unsecapp.exe c:\program files\Symantec AntiVirus\DefWatch.exe c:\windows\SYSTEM32\DNTUS26.EXE c:\windows\system32\DWRCS.exe c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Novell\ZENworks\nalntsrv.exe c:\program files\Symantec AntiVirus\Rtvscan.exe c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe c:\program files\Novell\ZENworks\wm.exe c:\windows\system32\wbem\unsecapp.exe c:\windows\system32\SearchIndexer.exe c:\program files\Novell\ZENworks\WMRUNDLL.EXE c:\windows\system32\SearchProtocolHost.exe c:\windows\system32\igfxsrvc.exe c:\program files\DellTPad\ApMsgFwd.exe c:\program files\DellTPad\HidFind.exe c:\program files\DellTPad\Apntex.exe c:\windows\system32\NWTRAY.EXE 
c:\windows\system32\SearchFilterHost.exe . ************************************************************************** . Completion time: 2011-06-01 12:35:54 - machine was rebooted ComboFix-quarantined-files.txt 2011-06-01 17:35 . Pre-Run: 229,873,934,336 bytes free Post-Run: 230,380,007,424 bytes free . WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect . - - End Of File - - DF4E770FB8037EA2BDAEE0B95C9BB9A7 dds.txt: . DDS (Ver_2011-06-01.06) - NTFSx86 Internet Explorer: 8.0.6001.18702 Run by admin-aweise at 12:46:56 on 2011-06-01 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2003.1061 [GMT -5:00] . AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C} . ============== Running Processes =============== . 
C:\WINDOWS\System32\Novell\XTAgent.exe C:\Program Files\Fingerprint Sensor\AtService.exe C:\WINDOWS\system32\svchost.exe -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe C:\WINDOWS\System32\svchost.exe -k eapsvcs svchost.exe C:\WINDOWS\System32\svchost.exe -k dot3svc C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe c:\drivers\audio\r213367\stacsv.exe svchost.exe C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\WINDOWS\SYSTEM32\DNTUS26.EXE C:\WINDOWS\system32\DWRCS.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Novell\ZENworks\nalntsrv.exe C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe C:\Program Files\Symantec AntiVirus\SavRoam.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe C:\Program Files\Novell\ZENworks\wm.exe C:\WINDOWS\system32\SearchIndexer.exe C:\Program Files\Novell\ZENworks\WMRUNDLL.EXE C:\WINDOWS\system32\DWRCST.exe C:\Program Files\DellTPad\Apoint.exe C:\Program Files\IDT\WDM\sttray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe C:\WINDOWS\system32\WLTRAY.exe C:\Program Files\DellTPad\ApMsgFwd.exe C:\Program Files\DellTPad\HidFind.exe C:\Program Files\Dell\Dell 
ControlPoint\Dell.ControlPoint.exe C:\Program Files\DellTPad\Apntex.exe C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\WINDOWS\system32\dpmw32.exe C:\WINDOWS\system32\NWTRAY.EXE C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\WINDOWS\Explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\SearchProtocolHost.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe C:\Program Files\Internet Explorer\iexplore.exe . ============== Pseudo HJT Report =============== . BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [Apoint] c:\program files\delltpad\Apoint.exe mRun: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe mRun: [DellControlPoint] "c:\program files\dell\dell controlpoint\Dell.ControlPoint.exe" mRun: [DellConnectionManager] 
"c:\program files\dell\dell controlpoint\connection manager\Dell.UCM.exe" mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe mRun: [uSCService] c:\program files\dell\dell controlpoint\security manager\BcmDeviceAndTaskStatusService.exe mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe" mRun: [NDPS] c:\windows\system32\dpmw32.exe mRun: [NWTRAY] NWTRAY.EXE mRun: [ZENRC Tray Icon] c:\windows\system32\zentray.exe mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe" mRun: [vptray] c:\progra~1\symant~1\VPTray.exe mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe" mRun: [DameWare MRC Agent] c:\windows\system32\DWRCST.exe mPolicies-system: CompatibleRUPSecurity = 1 (0x1) IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL IE: {C1994287-422F-47aa-8E5E-6323E210A125} - {4B5F7606-8666-4D5A-9780-DB92A9D8812B} - c:\program files\novell\zenworks\AxNalServer.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {A00C0AFC-E004-4024-9D25-52952AC99A6A} - hxxps://nav01.bancmidwest.net/nav_nav1151/NAV1251.CAB DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://suntell.webex.com/client/T27L10NSP9/webex/ieatgpc.cab TCP: DhcpNameServer = 172.16.71.21 172.16.71.237 172.31.0.3 172.16.71.50 TCP: Interfaces\{65DDA25D-CB48-460D-9C15-769E1341D9A0} : DhcpNameServer = 192.168.2.1 68.87.77.134 68.87.72.134 TCP: 
Interfaces\{8541EC2F-983F-4544-8AAD-339BE452E2E3} : DhcpNameServer = 172.16.71.21 172.16.71.237 172.31.0.3 172.16.71.50 Notify: igfxcui - igfxdev.dll Notify: NavLogon - c:\windows\system32\NavLogon.dll Notify: NetIdentity Notification - c:\windows\system32\novell\XtNotify.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll SEH: Application Explorer: {763370c4-268e-4308-a60c-d8da0342be32} - c:\program files\novell\zenworks\NalShell.dll . ============= SERVICES / DRIVERS =============== . R1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver;c:\windows\system32\drivers\dwvkbd.sys [2007-2-15 26624] R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592] R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968] R2 ATService;AuthenTec Fingerprint Service;c:\program files\fingerprint sensor\AtService.exe [2009-5-15 1803512] R2 BlankScr;HBDevice;c:\windows\system32\drivers\blankscr.sys [2005-5-23 6899] R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\dell\dell controlpoint\DCPButtonSvc.exe [2009-11-20 278304] R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-11-21 192104] R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-11-21 169576] R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\dell\dell controlpoint\system manager\DCPSysMgrSvc.exe [2009-12-10 376608] R2 Remote Management Agent;Novell ZENworks Remote Management Agent;c:\program files\novell\zenworks\remotemanagement\rmagent\ZenRem32.exe [2006-5-9 167936] R2 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2007-3-14 116416] R2 SMManager;Smith Micro Connection Manager Service;c:\program files\dell\dell 
controlpoint\connection manager\SMManager.exe [2009-12-22 77312] R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2007-3-14 1816768] R2 XTAgent;Novell XTier Agent Services;c:\windows\system32\novell\xtagent.exe [2006-5-2 61440] R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2010-3-12 112512] R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2010-3-12 540288] R3 Darpan;Darpan;c:\windows\system32\drivers\Darpan.sys [2005-5-23 2773] R3 DwMirror;DwMirror;c:\windows\system32\drivers\DamewareMini.sys [2007-2-7 3712] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-5-23 105592] R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2010-3-12 109568] R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20110526.002\naveng.sys [2011-5-27 86008] R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20110526.002\navex15.sys [2011-5-27 1542392] R3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [2010-3-12 232744] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\drivers\nvtsp50.sys --> c:\windows\system32\drivers\NvtSp50.sys [?] S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-25 14336] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] . =============== Created Last 30 ================ . 
2011-06-01 17:13:25 -------- d-sha-r- C:\cmdcons 2011-06-01 17:09:30 98816 ----a-w- c:\windows\sed.exe 2011-06-01 17:09:30 518144 ----a-w- c:\windows\SWREG.exe 2011-06-01 17:09:30 256512 ----a-w- c:\windows\PEV.exe 2011-06-01 17:09:30 208896 ----a-w- c:\windows\MBR.exe 2011-05-28 13:24:34 -------- d-----w- c:\documents and settings\all users\application data\DellUCM 2011-05-27 20:42:39 388096 ----a-r- c:\documents and settings\admin-aweise\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe 2011-05-27 20:42:38 -------- d-----w- c:\program files\Trend Micro 2011-05-27 18:14:43 121368 ----a-w- c:\windows\system32\DNTUS26.EXE 2011-05-27 15:02:50 -------- d-----w- c:\documents and settings\admin-aweise\application data\Malwarebytes 2011-05-27 14:56:18 -------- d-sh--w- c:\documents and settings\admin-aweise\PrivacIE 2011-05-26 11:50:55 596314 ----a-w- c:\windows\system32\PerfStringBackup.TMP 2011-05-26 01:12:04 65536 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\1291AC.tmp 2011-05-26 01:11:55 65536 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\1281A9.tmp 2011-05-26 01:11:52 65536 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\1271A7.tmp 2011-05-17 11:34:32 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl . ==================== Find3M ==================== . 2011-03-11 14:10:38 471552 ----a-w- c:\windows\apppatch\aclayers.dll 2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll . ============= FINISH: 12:47:13.03 ===============
  2. Sorry, I accidentally attached the "attach.txt" not realizing you only needed the dds.txt
  3. I am not able to open Malwarebytes. Here are the other logs as requested, thank you! TDSSKiller.2.5.3.0_30.05.2011_13.16.30_log.txt dds.txt attach.txt
  4. Hello, I have a virus that has prevented me from using Malwarebytes to fix it. It's hidden all my files on my C drive, and the only thing that appears to be working besides the internet is HijackThis. My log is attached. Thank you in advance for your assistance! hijackthis.log
  5. Everything appears to be working well. Just ran another scan and nothing came up. Thank you very much for your help.
  6. Malwarebytes' Anti-Malware 1.50 www.malwarebytes.org Database version: 5323 Windows 5.1.2600 Service Pack 3 Internet Explorer 6.0.2900.5512 12/15/2010 4:41:49 PM mbam-log-2010-12-15 (16-41-49).txt Scan type: Quick scan Objects scanned: 198890 Time elapsed: 5 minute(s), 31 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)
  7. My apologies, Maniac. Here is my new log. Combo_Fix_newlog.txt
  8. I did another malwarebytes scan and came up with: Malwarebytes' Anti-Malware 1.50 www.malwarebytes.org Database version: 5312 Windows 5.1.2600 Service Pack 3 Internet Explorer 6.0.2900.5512 12/14/2010 10:30:39 AM mbam-log-2010-12-14 (10-30-39).txt Scan type: Quick scan Objects scanned: 198483 Time elapsed: 3 minute(s), 2 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 2 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: c:\WINDOWS\system32\regperf.dll (Trojan.P2P.Agent) -> Quarantined and deleted successfully. c:\WINDOWS\system32\syncprxy.dll (Trojan.P2P.Agent) -> Quarantined and deleted successfully.
  9. Hello Maniac, thank you for your help. Combo-Fix txt provided for you. Let me know how to proceed. Thanks again. Combo_Fix.txt
  10. Thank you Borislav. Here are the updated logs. Some of those sites are recognized, as my laptop is one I use at home and at work, so I am connected to things here at work. centralbnk.com is our home page. I will wait on your next reply. Thank you again. hijackthis.log mbam_log_2010_12_13__16_51_32_.txt uninstall_list.txt
  11. Hello. I have what I'm assuming is a malware problem along with a browser hijacker that is redirecting me (sometimes, not every time). I'm using Firefox, but iexplore.exe continues to pop up in my processes -- then a pop-up will come up at different times. I've tried a Malwarebytes scan (it nearly always works, but it's not catching it this time). The quick scan, which would normally take me 15-20 minutes, is only taking about 5 minutes. I've tried other virus scans as well; nothing has killed it so far. Here is my HijackThis log. Any help would be greatly appreciated! hijackthis.log