
txshrode

Everything posted by txshrode

  1. Yeah... the space was there. ComboFix /uninstall did work, however.
  2. I tried the ComboFix /u and it just re-runs the scan and report. It doesn't seem to uninstall it. Should that Qoobox directory be removed?
  3. For moving forward, what programs do you recommend installing for anti-spyware/anti-virus? Up to this point I've used Avira and SAS mostly. Thanks again.
  4. Here's the log ... and thanks again!
     2009-12-21 18:19:32 . 2009-12-21 18:19:32 1,456 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Adobe Flash Player ActiveX.reg.dat
     2009-12-21 18:19:20 . 2009-12-21 18:19:20 256 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-CTFMON.reg.dat
     2009-12-21 18:09:47 . 2009-12-21 18:09:47 53,955 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\Temp\logishrd\_LVPrcInj01_.dll.zip
     2009-12-21 18:06:01 . 2009-12-21 18:06:01 18,850 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\DRIVERS\_yaftastv_.sys.zip
     2009-12-21 18:05:59 . 2009-12-21 18:05:59 11,438 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\DRIVERS\_czryfxbg_.sys.zip
     2009-12-21 18:05:11 . 2009-12-21 18:05:11 106,066 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_czryfxbg.reg.dat
     2009-12-21 18:05:11 . 2009-12-21 18:05:11 1,276 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_CZRYFXBG.reg.dat
     2009-12-21 18:04:47 . 2009-12-21 18:04:47 10,080 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
     2009-12-21 17:51:17 . 2009-12-21 18:09:48 601 ----a-w- C:\Qoobox\Quarantine\catchme.log
     2009-12-21 16:47:28 . 2008-07-26 14:25:24 109,080 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\Temp\logishrd\LVPrcInj01.dll.vir
     2009-12-14 17:30:44 . 2009-12-14 18:30:06 5,784 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\tmp.reg.vir
     2009-04-12 19:30:35 . 2009-04-12 19:30:35 55 ----a-w- C:\Qoobox\Quarantine\C\xcrashdump.dat.vir
     2004-08-04 11:00:00 . 2004-08-04 11:00:00 23,424 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\DRIVERS\czryfxbg.sys.vir
     2004-08-04 11:00:00 . 2004-08-04 11:00:00 23,424 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\DRIVERS\yaftastv.sys.vir
  5. Just did that and it came up clean with a quick scan ... performing a full scan right now to be sure. Hopefully this is it.
  6. ComboFix 09-12-20.08 - Nick Lateur 12/21/2009 11:57:07.1.1 - x86
     Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.494.262 [GMT -6:00]
     Running from: c:\documents and settings\Nick Lateur\Desktop\ComboFix.exe
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     c:\windows\system32\bat.dll
     c:\windows\system32\drivers\czryfxbg.sys
     c:\windows\system32\drivers\yaftastv.sys
     c:\windows\system32\tmp.reg
     c:\windows\TEMP\logishrd\LVPrcInj01.dll
     C:\xcrashdump.dat
     .
     ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     -------\Legacy_CZRYFXBG
     -------\Service_czryfxbg
     ((((((((((((((((((((((((( Files Created from 2009-11-21 to 2009-12-21 )))))))))))))))))))))))))))))))
     .
     2009-12-18 22:07 . 2009-12-18 22:07 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
     2009-12-18 22:03 . 2009-12-18 22:03 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
     2009-12-17 17:06 . 2009-12-17 17:06 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
     2009-12-16 20:57 . 2009-12-16 20:57 -------- d-----w- c:\program files\FileASSASSIN
     2009-12-16 16:25 . 2009-12-03 22:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2009-12-16 16:25 . 2009-12-03 22:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
     2009-12-16 15:11 . 2009-12-16 15:11 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
     2009-12-16 15:00 . 2009-12-16 15:10 -------- d-----w- c:\windows\ie8updates
     2009-12-16 13:35 . 2009-10-29 07:45 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
     2009-12-16 13:35 . 2009-10-29 07:45 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
     2009-12-16 13:25 . 2009-08-07 01:23 274288 ----a-w- c:\windows\system32\mucltui.dll
     2009-12-15 22:30 . 2009-12-15 22:30 -------- d-sh--w- c:\documents and settings\Nick Lateur\PrivacIE
     2009-12-15 22:22 . 2009-12-15 22:22 -------- d-sh--w- c:\documents and settings\Nick Lateur\IETldCache
     2009-12-15 22:14 . 2009-12-15 22:19 -------- dc-h--w- c:\windows\ie8
     2009-12-15 18:18 . 2009-11-03 02:42 195456 ------w- c:\windows\system32\MpSigStub.exe
     2009-12-15 17:30 . 2009-12-15 17:30 -------- d-----w- c:\documents and settings\Nick Lateur\Application Data\MSNInstaller
     2009-12-15 17:15 . 2009-12-15 17:15 -------- d-----w- c:\windows\system32\scripting
     2009-12-15 17:15 . 2009-12-15 17:15 -------- d-----w- c:\windows\l2schemas
     2009-12-15 17:15 . 2009-12-15 17:15 -------- d-----w- c:\windows\system32\en
     2009-12-15 17:15 . 2009-12-15 17:15 -------- d-----w- c:\windows\system32\bits
     2009-12-15 17:03 . 2009-12-15 17:03 -------- d-----w- c:\documents and settings\Nick Lateur\Application Data\Uniblue
     2009-12-15 17:03 . 2009-12-15 17:03 -------- d-----w- c:\program files\Uniblue
     2009-12-15 17:00 . 2009-12-15 17:00 -------- d-----w- c:\windows\EHome
     2009-12-14 21:08 . 2009-12-17 19:21 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
     2009-12-14 17:44 . 2009-12-14 17:44 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
     2009-12-14 17:44 . 2009-12-16 15:39 -------- d-----w- c:\documents and settings\Nick Lateur\Application Data\SUPERAntiSpyware.com
     2009-12-14 17:44 . 2009-12-16 15:37 -------- d-----w- c:\program files\SUPERAntiSpyware
     2009-12-14 17:41 . 2009-12-16 16:26 -------- d-----w- c:\documents and settings\Nick Lateur\Application Data\Malwarebytes
     2009-12-14 17:06 . 2009-12-16 16:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2009-12-14 17:06 . 2009-12-16 16:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
     2009-12-14 16:31 . 2008-04-13 18:39 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
     2009-12-13 17:04 . 2009-12-15 16:06 -------- d-----w- c:\documents and settings\Nick Lateur\Local Settings\Application Data\lcomgi
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2009-12-19 23:05 . 2007-02-03 03:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
     2009-12-18 22:02 . 2007-02-03 03:07 -------- d-----w- c:\program files\Google
     2009-12-16 15:50 . 2009-01-16 02:28 -------- d-----w- c:\documents and settings\Nick Lateur\Application Data\Skype
     2009-12-15 17:59 . 2004-11-30 20:31 82160 ----a-w- c:\documents and settings\Nick Lateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
     2009-12-15 17:50 . 2004-11-18 06:56 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
     2009-12-15 17:31 . 2004-11-18 06:53 -------- d--h--w- c:\program files\InstallShield Installation Information
     2009-12-15 17:30 . 2007-02-09 04:25 -------- d--h--w- c:\documents and settings\Nick Lateur\Application Data\Move Networks
     2009-12-15 17:29 . 2004-11-18 06:55 -------- d-----w- c:\program files\Digital Line Detect
     2009-12-15 17:19 . 2004-08-10 19:13 78471 ----a-w- c:\windows\PCHEALTH\HELPCTR\OfflineCache\index.dat
     2009-12-14 18:28 . 2004-11-18 06:57 -------- d-----w- c:\program files\Common Files\Real
     2009-12-14 18:27 . 2004-11-18 06:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
     2009-12-04 16:03 . 2009-12-04 16:03 251376 ----a-w- c:\documents and settings\Nick Lateur\Application Data\Mozilla\plugins\npgoogletalk.dll
     2009-12-04 10:02 . 2006-08-24 01:47 -------- d-----w- c:\program files\ZipForm Desktop
     2009-10-29 07:45 . 2004-08-04 11:00 916480 ----a-w- c:\windows\system32\wininet.dll
     2009-10-21 05:38 . 2004-08-04 11:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
     2009-10-21 05:38 . 2004-08-04 11:00 25088 ----a-w- c:\windows\system32\httpapi.dll
     2009-10-20 16:20 . 2004-08-04 11:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
     2009-10-13 10:30 . 2004-08-04 11:00 270336 ----a-w- c:\windows\system32\oakley.dll
     2009-10-12 13:38 . 2004-08-04 11:00 149504 ----a-w- c:\windows\system32\rastls.dll
     2009-10-12 13:38 . 2004-08-04 11:00 79872 ----a-w- c:\windows\system32\raschap.dll
     2008-09-22 16:26 . 2008-02-05 04:56 88 --sh--r- c:\windows\SYSTEM32\3EBCC1BFB1.sys
     2008-09-22 16:26 . 2008-02-05 04:37 2828 --sha-w- c:\windows\SYSTEM32\KGyGaAvL.sys
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
     "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-06-24 77914]
     "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-24 729178]
     "PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-05-28 86016]
     "PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
     "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
     "LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
     "Lexmark X6100 Series"="c:\program files\Lexmark X6100 Series\lxbfbmgr.exe" [2003-09-23 57344]
     "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-12-11 267048]
     "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
     "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
     "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-15 122933]
     "BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2008-11-04 615696]
     c:\documents and settings\All Users\Start Menu\Programs\Startup\
     Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-3-15 110592]
     DisplayKEY eSYNC Info.lnk - c:\program files\GE Security Supra\SyncInfoApp.exe [2007-3-21 102400]
     Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2003-12-13 630915]
     Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
     2004-01-12 12:55 110592 ----a-w- c:\windows\SYSTEM32\LgNotify.dll
     HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher
     HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray
     HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot
     HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray
     HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
     "EnableFirewall"= 0 (0x0)
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe"=
     S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/18/2009 4:02 PM 135664]
     --- Other Services/Drivers In Memory ---
     *NewlyCreated* - CZRYFXBG
     *Deregistered* - czryfxbg
     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://www.google.com/
     uInternet Settings,ProxyOverride = localhost
     uInternet Settings,ProxyServer = http=127.0.0.1:5555
     Trusted Zone: topproducer8i.com\www
     TCP: {AD9A7C38-F039-4EB8-8AED-EF1BE35344B7} = 68.94.156.1,68.94.157.1
     DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
     FF - ProfilePath - c:\documents and settings\Nick Lateur\Application Data\Mozilla\Firefox\Profiles\djd9w4yl.default\
     FF - prefs.js: browser.search.selectedEngine - Google
     FF - plugin: c:\documents and settings\Nick Lateur\Application Data\Mozilla\plugins\npgoogletalk.dll
     FF - plugin: c:\documents and settings\Nick Lateur\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
     FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
     FF - plugin: c:\program files\Google\Google Updater\2.4.1399.3742\npCIDetect13.dll
     FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
     .
     - - - - ORPHANS REMOVED - - - -
     MSConfigStartUp-CTFMON - (no file)
     AddRemove-Adobe Flash Player ActiveX - c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
     **************************************************************************
     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2009-12-21 12:09
     Windows 5.1.2600 Service Pack 3 NTFS
     scanning hidden processes ...
     scanning hidden autostart entries ...
     scanning hidden files ...
     scan completed successfully
     hidden files: 0
     **************************************************************************
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------
     [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
     @DACL=(02 0000)
     "Installed"="1"
     [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
     @DACL=(02 0000)
     "NoChange"="1"
     "Installed"="1"
     [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
     @DACL=(02 0000)
     "Installed"="1"
     .
     --------------------- DLLs Loaded Under Running Processes ---------------------
     - - - - - - - > 'winlogon.exe'(612)
     c:\windows\system32\LgNotify.dll
     - - - - - - - > 'explorer.exe'(7016)
     c:\windows\system32\WININET.dll
     c:\windows\TEMP\logishrd\LVPrcInj01.dll
     c:\windows\system32\ieframe.dll
     c:\windows\system32\webcheck.dll
     .
     ------------------------ Other Running Processes ------------------------
     .
     c:\windows\system32\S24EvMon.exe
     c:\windows\system32\ZCfgSvc.exe
     c:\windows\system32\1XConfig.exe
     c:\windows\system32\LEXBCES.EXE
     c:\windows\system32\LEXPPS.EXE
     c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     c:\program files\ge security supra\syncservice.exe
     c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
     c:\windows\system32\drivers\KodakCCS.exe
     c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
     c:\program files\GE Security Supra\ProxyDaemon.exe
     c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
     c:\ssl\stunnel-4.10.exe
     c:\windows\system32\PSIService.exe
     c:\windows\system32\RegSrvc.exe
     c:\windows\system32\ScsiAccess.EXE
     c:\windows\system32\wdfmgr.exe
     c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
     c:\windows\system32\wscntfy.exe
     c:\program files\Lexmark X6100 Series\lxbfbmon.exe
     c:\windows\system32\igfxsrvc.exe
     c:\program files\iPod\bin\iPodService.exe
     c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
     .
     **************************************************************************
     .
     Completion time: 2009-12-21 12:21:07 - machine was rebooted
     ComboFix-quarantined-files.txt 2009-12-21 18:20
     Pre-Run: 28,035,444,736 bytes free
     Post-Run: 28,482,027,520 bytes free
     WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
     [boot loader]
     timeout=2
     default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
     [operating systems]
     c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
     multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
     - - End Of File - - 5E37B286434F90DD488E4B3F75227419
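Added example (not part of txshrode's posts or of ComboFix itself): a small Python triage pass over the ComboFix log above. It walks the log by its section headers and pulls out the indicators a responder would check first: the two drivers deleted from c:\windows\system32\drivers, the *NewlyCreated* entry of the same name in the in-memory services list, the standard-profile firewall being off, and the browser ProxyServer pointing at 127.0.0.1:5555. Only the lines it reads are embedded, as a constructed excerpt; the function and field names are my own. Two caveats the output does not settle: a loopback proxy is not proof of tampering on its own, since a local tunnel such as the c:\ssl\stunnel-4.10.exe process visible in the same log could legitimately own a localhost listener, so identify what actually listens on that port; and the OTL Extras log posted on 12/18 shows "EnableFirewall" = 1 for the same StandardProfile key, so the 0 seen here is a change to reconcile with whatever was installed in between. Note also that the quarantined copies of czryfxbg.sys and yaftastv.sys in post 4 share a size (23,424 bytes) and the 2004-08-04 11:00 timestamp carried by stock XP SP2 files such as wininet.dll in the Find3M report, so file timestamps alone would not have singled them out.

```python
import re

# Constructed excerpt of the ComboFix log posted above, limited to the
# sections and lines this triage reads; everything else is omitted.
COMBOFIX_EXCERPT = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\bat.dll
c:\windows\system32\drivers\czryfxbg.sys
c:\windows\system32\drivers\yaftastv.sys
c:\windows\system32\tmp.reg
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

--- Other Services/Drivers In Memory ---

*NewlyCreated* - CZRYFXBG
*Deregistered* - czryfxbg
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = localhost
uInternet Settings,ProxyServer = http=127.0.0.1:5555
TCP: {AD9A7C38-F039-4EB8-8AED-EF1BE35344B7} = 68.94.156.1,68.94.157.1
"""

PAREN_HEADER = re.compile(r"^\({3,} (.+?) \){3,}$")   # ((( Section )))
DASH_HEADER = re.compile(r"^-{3,} (.+?) -{3,}$")      # --- Section ---
PROXY_LINE = re.compile(r"^uInternet Settings,ProxyServer = (.+)$")
FIREWALL_LINE = re.compile(r'^"EnableFirewall"= (\d+)')
NEWLY_CREATED = re.compile(r"^\*NewlyCreated\* - (\S+)$")
LOOPBACK = {"127.0.0.1", "localhost", "::1"}
SEVERITY = {"high": 0, "medium": 1, "low": 2}


def iter_sections(text):
    """Yield (section name, line) for each content line; '.' is ComboFix's spacer."""
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        header = PAREN_HEADER.match(line) or DASH_HEADER.match(line)
        if header:
            section = header.group(1)
            continue
        yield section, line


def proxy_targets(value):
    """Split a WinINet ProxyServer value ('http=host:port;https=host:port' or 'host:port')."""
    targets = []
    for part in value.split(";"):
        scheme, hostport = part.split("=", 1) if "=" in part else ("*", part)
        host, port = hostport.rsplit(":", 1) if ":" in hostport else (hostport, "")
        targets.append((scheme.strip(), host.strip(), port.strip()))
    return targets


def triage_combofix(text):
    """Return the deleted driver names plus a severity-ordered list of indicators."""
    drivers, indicators = set(), []

    def flag(severity, section, line, note):
        indicators.append({"severity": severity, "section": section, "line": line, "note": note})

    for section, line in iter_sections(text):
        low = line.lower()
        if section == "Other Deletions" and "\\drivers\\" in low and low.endswith(".sys"):
            drivers.add(low.rsplit("\\", 1)[-1][:-4])
            flag("high", section, line, "kernel driver removed from disk; confirm its service key went with it")
        elif section == "Other Services/Drivers In Memory":
            m = NEWLY_CREATED.match(line)
            if m and m.group(1).lower() in drivers:
                flag("high", section, line, "a deleted driver's name is still registered in memory; rescan after the reboot")
        elif section == "Reg Loading Points":
            m = FIREWALL_LINE.match(line)
            if m and m.group(1) == "0":
                flag("medium", section, line, "Windows Firewall is off for the standard profile")
        elif section == "Supplementary Scan":
            m = PROXY_LINE.match(line)
            if m:
                for scheme, host, port in proxy_targets(m.group(1)):
                    if host.lower() in LOOPBACK:
                        flag("medium", section, line,
                             f"{scheme} traffic goes through a loopback proxy on port {port}; find the listener before judging it")

    indicators.sort(key=lambda ind: SEVERITY[ind["severity"]])
    return {"deleted_drivers": sorted(drivers), "indicators": indicators}


if __name__ == "__main__":
    for ind in triage_combofix(COMBOFIX_EXCERPT)["indicators"]:
        print(f"[{ind['severity']:6}] {ind['section']}: {ind['line']}\n         {ind['note']}")
```

The section-aware walk matters more than the individual regexes: the same `"EnableFirewall"= 0` string would be harmless inside a quarantine listing, and a driver path under Other Deletions means something different from the same path under Files Created.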
  7. I removed them, restarted and re-ran MB ... no change. Here's the newest log as of a couple of minutes ago.
     Malwarebytes' Anti-Malware 1.42
     Database version: 3403
     Windows 5.1.2600 Service Pack 3
     Internet Explorer 8.0.6001.18702
     12/21/2009 10:43:53 AM
     mbam-log-2009-12-21 (10-43-53).txt
     Scan type: Quick Scan
     Objects scanned: 108056
     Time elapsed: 8 minute(s), 43 second(s)
     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 3
     Registry Values Infected: 4
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 1
     Memory Processes Infected:
     (No malicious items detected)
     Memory Modules Infected:
     (No malicious items detected)
     Registry Keys Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Documents and Settings/Nick Lateur/Local Settings/Temp/pivvfjza.dat (Rootkit.Agent) -> Delete on reboot.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pivvfjza.dat (Rootkit.Agent) -> Delete on reboot.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pivvfjza.dat (Rootkit.Agent) -> Delete on reboot.
     Registry Values Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Delete on reboot.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Delete on reboot.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Delete on reboot.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Delete on reboot.
     Registry Data Items Infected:
     (No malicious items detected)
     Folders Infected:
     (No malicious items detected)
     Files Infected:
     C:\Documents and Settings\Nick Lateur\Local Settings\Temp\pivvfjza.dat (Rootkit.Agent) -> Delete on reboot.
  8. Sorry ... didn't know which to uninstall, so I figured both would be OK. Here's the newest log ...
     Malwarebytes' Anti-Malware 1.42
     Database version: 3386
     Windows 5.1.2600 Service Pack 3
     Internet Explorer 8.0.6001.18702
     12/21/2009 9:07:49 AM
     mbam-log-2009-12-21 (09-07-46).txt
     Scan type: Quick Scan
     Objects scanned: 108011
     Time elapsed: 9 minute(s), 53 second(s)
     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 3
     Registry Values Infected: 4
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 1
     Memory Processes Infected:
     (No malicious items detected)
     Memory Modules Infected:
     (No malicious items detected)
     Registry Keys Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Documents and Settings/Nick Lateur/Local Settings/Temp/pivvfjza.dat (Rootkit.Agent) -> No action taken.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pivvfjza.dat (Rootkit.Agent) -> No action taken.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pivvfjza.dat (Rootkit.Agent) -> No action taken.
     Registry Values Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> No action taken.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> No action taken.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> No action taken.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> No action taken.
     Registry Data Items Infected:
     (No malicious items detected)
     Folders Infected:
     (No malicious items detected)
     Files Infected:
     C:\Documents and Settings\Nick Lateur\Local Settings\Temp\pivvfjza.dat (Rootkit.Agent) -> No action taken.
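Added example (not part of txshrode's posts or of Malwarebytes' tooling): a Python parser for the MBAM 1.x log format that checks the header counts against the detail lines, diffs the 09:07 and 10:43 scans posted above, and tags each registry item with the persistence mechanism it sits in. What it makes visible is the pattern in posts 7 and 8: after "repair, restart, rescan" the same eight items come back with only the action column changed, which is what you see when something still active re-creates them at boot rather than a detection-engine glitch; whether the two drivers ComboFix later removed were doing exactly that is not something these logs prove on their own. The sample log is a constructed, trimmed copy of the 09:07 post, and the 10:43 log is derived from it by substituting the fields that differ; function and field names are my own.

```python
import re
from dataclasses import dataclass

# Constructed sample: the 09:07 MBAM quick-scan log posted above, trimmed to
# the header fields and detection lines the parser reads.
SCAN_0907 = r"""
Malwarebytes' Anti-Malware 1.42
Database version: 3386
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
12/21/2009 9:07:49 AM
mbam-log-2009-12-21 (09-07-46).txt
Scan type: Quick Scan
Objects scanned: 108011
Time elapsed: 9 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Documents and Settings/Nick Lateur/Local Settings/Temp/pivvfjza.dat (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pivvfjza.dat (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pivvfjza.dat (Rootkit.Agent) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> No action taken.

Files Infected:
C:\Documents and Settings\Nick Lateur\Local Settings\Temp\pivvfjza.dat (Rootkit.Agent) -> No action taken.
"""

# The 10:43 log posted above differs only in these header fields and in the
# action column, so it is derived here instead of being repeated.
SCAN_1043 = (SCAN_0907
             .replace("Database version: 3386", "Database version: 3403")
             .replace("9:07:49 AM", "10:43:53 AM")
             .replace("(09-07-46)", "(10-43-53)")
             .replace("Objects scanned: 108011", "Objects scanned: 108056")
             .replace("9 minute(s), 53 second(s)", "8 minute(s), 43 second(s)")
             .replace("No action taken", "Delete on reboot"))

DATABASE = re.compile(r"^Database version: (?P<db>\d+)$")
COUNT = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
SECTION = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
DETECTION = re.compile(r"^(?P<item>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")

# Where each flagged registry item sits, and why that location matters.
PERSISTENCE_HINTS = (
    (r"\Winlogon\Notify", "Winlogon notification DLL: loaded into winlogon.exe at logon"),
    (r"\Image File Execution Options", "IFEO subkey: a Debugger value here runs another program whenever the named image starts"),
    (r"\ModuleUsage", "ModuleUsage entry: shared-module bookkeeping, odd when it points into %TEMP%"),
    (r"\Explorer\Browser Settings", "not a stock XP key: probably the malware's own configuration values"),
)


@dataclass(frozen=True)
class Finding:
    section: str
    item: str
    threat: str
    action: str


def parse_mbam_log(text):
    """Return {'database', 'counts', 'findings'} from an MBAM 1.x text log."""
    result = {"database": None, "counts": {}, "findings": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := DATABASE.match(line):
            result["database"] = int(m.group("db"))
        elif m := COUNT.match(line):
            result["counts"][m.group("section")] = int(m.group("count"))
        elif m := SECTION.match(line):
            section = m.group("section")
        elif section and (m := DETECTION.match(line)):
            result["findings"].append(Finding(section, m.group("item"), m.group("threat"), m.group("action")))
    return result


def count_mismatches(parsed):
    """(section, declared, listed) for every header count the detail lines do not back up."""
    listed = {}
    for f in parsed["findings"]:
        listed[f.section] = listed.get(f.section, 0) + 1
    return [(s, n, listed.get(s, 0)) for s, n in parsed["counts"].items() if listed.get(s, 0) != n]


def recurring_findings(earlier, later):
    """Findings present in both scans, compared without the action column."""
    key = lambda f: (f.section, f.item, f.threat)
    seen = {key(f) for f in earlier["findings"]}
    return [f for f in later["findings"] if key(f) in seen]


def persistence_hints(findings):
    """Map each registry item to the persistence mechanism it lives in."""
    return {f.item: hint for f in findings for needle, hint in PERSISTENCE_HINTS if needle in f.item}


if __name__ == "__main__":
    first, second = parse_mbam_log(SCAN_0907), parse_mbam_log(SCAN_1043)
    print("count mismatches:", count_mismatches(first), count_mismatches(second))
    for f in recurring_findings(first, second):
        print(f"{f.threat:14} {f.action:16} {f.item}")
    for item, hint in persistence_hints(second["findings"]).items():
        print(f"  {item.rsplit(chr(92), 1)[-1]:>14}  {hint}")
```

The diff deliberately ignores the action column: "No action taken" versus "Delete on reboot" tells you what the user clicked, not whether the item survived, and it is the item set surviving a reboot that carries the signal.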
  9. When I say I re-ran MB, I mean I ran it, repaired, restarted and re-ran it again, with the same results.
  10. Hello, I uninstalled both MSE and Avira, restarted then re-ran MB with the same result.
  11. Hi ... this topic was a duplicate, created by mistake and should be deleted. Thanks.
  12. OTL Extras logfile created on: 12/18/2009 10:56:19 AM - Run 1
     OTL by OldTimer - Version 3.1.18.0 Folder = C:\Documents and Settings\Nick Lateur\Desktop
     Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
     Internet Explorer (Version = 8.0.6001.18702)
     Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
     494.42 Mb Total Physical Memory | 226.37 Mb Available Physical Memory | 45.79% Memory free
     1.13 Gb Paging File | 0.62 Gb Available in Paging File | 55.25% Paging File free
     Paging file location(s): C:\pagefile.sys 744 1488 [binary data]
     %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
     Drive C: | 52.34 Gb Total Space | 26.10 Gb Free Space | 49.88% Space Free | Partition Type: NTFS
     D: Drive not present or media not loaded
     E: Drive not present or media not loaded
     F: Drive not present or media not loaded
     G: Drive not present or media not loaded
     H: Drive not present or media not loaded
     I: Drive not present or media not loaded
     Computer Name: NICK
     Current User Name: Nick Lateur
     Logged in as Administrator.
     Current Boot Mode: Normal
     Scan Mode: Current user
     Company Name Whitelist: Off
     Skip Microsoft Files: Off
     File Age = 30 Days
     Output = Standard
     ========== Extra Registry (SafeList) ==========
     ========== File Associations ==========
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
     .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
     [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
     .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
     ========== Shell Spawning ==========
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
     batfile [open] -- "%1" %*
     cmdfile [open] -- "%1" %*
     comfile [open] -- "%1" %*
     exefile [open] -- "%1" %*
     htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
     htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
     htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
     htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
     http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
     https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
     piffile [open] -- "%1" %*
     regfile [merge] -- Reg Error: Key error.
     scrfile [config] -- "%1"
     scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
     scrfile [open] -- "%1" /S
     txtfile [edit] -- Reg Error: Key error.
     Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
     Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
     Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
     Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
     Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
     Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
     CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
     ========== Security Center Settings ==========
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
     "FirstRunDisabled" = 1
     "AntiVirusOverride" = 0
     "FirewallOverride" = 0
     "AntiVirusDisableNotify" = 0
     "FirewallDisableNotify" = 0
     "UpdatesDisableNotify" = 0
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
     "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
     "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
     "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
     "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
     "EnableFirewall" = 1
     "DoNotAllowExceptions" = 0
     "DisableNotifications" = 0
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
     "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
     "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
     "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
     "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
     ========== Authorized Applications List ==========
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
     "C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe:*:Enabled:backWeb-7288971 -- ()
     ========== HKEY_LOCAL_MACHINE Uninstall List ==========
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
     "{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
     "{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
     "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
     "{015E4B8A-29B5-4AE3-BD08-38220FADFF4C}" = aspi
     "{04410044-9149-45C6-A806-F2BF9CFCE762}" = Microsoft Encarta Encyclopedia Standard 2004
     "{06B8DAD8-2809-475E-BA9D-C34479A0D58A}" = Dell TrueMobile 2300 Control Utility
     "{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
     "{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
     "{10E98E14-832C-4AF7-A4D1-6A9EF83B282E}" = VCAMCEN
     "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
     "{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
     "{154508C0-07C5-4659-A7A0-E49968750D21}" = HLPPDOCK
     "{18388EF8-E0A3-442B-8BFE-E2F1B3D05C91}" = iTunes
     "{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
     "{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD
     "{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype
  13. OTL logfile created on: 12/18/2009 10:56:19 AM - Run 1
     OTL by OldTimer - Version 3.1.18.0 Folder = C:\Documents and Settings\Nick Lateur\Desktop
     Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
     Internet Explorer (Version = 8.0.6001.18702)
     Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
     494.42 Mb Total Physical Memory | 226.37 Mb Available Physical Memory | 45.79% Memory free
     1.13 Gb Paging File | 0.62 Gb Available in Paging File | 55.25% Paging File free
     Paging file location(s): C:\pagefile.sys 744 1488 [binary data]
     %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
     Drive C: | 52.34 Gb Total Space | 26.10 Gb Free Space | 49.88% Space Free | Partition Type: NTFS
     D: Drive not present or media not loaded
     E: Drive not present or media not loaded
     F: Drive not present or media not loaded
     G: Drive not present or media not loaded
     H: Drive not present or media not loaded
     I: Drive not present or media not loaded
     Computer Name: NICK
     Current User Name: Nick Lateur
     Logged in as Administrator.
     Current Boot Mode: Normal
     Scan Mode: Current user
     Company Name Whitelist: Off
     Skip Microsoft Files: Off
     File Age = 30 Days
     Output = Standard
     ========== Processes (SafeList) ==========
     PRC - [2009/12/18 10:54:40 | 00,564,736 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nick Lateur\Desktop\OTL.exe
     PRC - [2009/09/13 18:52:50 | 01,048,392 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
     PRC - [2009/07/21 13:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
     PRC - [2009/07/02 17:36:52 | 00,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
     PRC - [2009/05/13 15:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
     PRC - [2009/03/02 12:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
     PRC - [2008/11/13 23:24:05 | 00,168,432 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
     PRC - [2008/11/04 12:09:58 | 00,615,696 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
     PRC - [2008/08/14 17:15:46 | 02,407,184 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
     PRC - [2008/08/14 17:11:48 | 00,565,008 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
     PRC - [2008/08/14 17:11:14 | 00,447,248 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
     PRC - [2008/07/26 08:25:36 | 00,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
     PRC - [2008/07/26 08:23:42 | 00,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
     PRC - [2008/04/13 18:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
     PRC - [2007/12/11 12:10:26 | 00,267,048 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
     PRC - [2007/12/11 12:10:16 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
     PRC - [2007/10/31 14:09:16 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     PRC - [2007/06/05 13:20:32 | 00,177,704 | ---- | M] () -- C:\WINDOWS\SYSTEM32\PSIService.exe
     PRC - [2006/09/07 10:05:16 | 00,102,400 | ---- | M] (GE Security Supra) -- C:\Program Files\GE Security Supra\SyncInfoApp.exe
     PRC - [2006/09/07 10:05:16 | 00,053,248 | ---- | M] (GE Security Supra) -- c:\Program Files\GE Security Supra\SyncService.exe
     PRC - [2006/09/07 10:05:16 | 00,011,776 | ---- | M] (GE Security Supra) -- C:\Program Files\GE Security Supra\ProxyDaemon.exe
     PRC - [2005/11/16 10:34:28 | 00,073,216 | ---- | M] () -- C:\SSL\stunnel-4.10.exe
     PRC - [2005/09/20 08:36:20 | 00,114,688 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\igfxpers.exe
     PRC - [2005/09/20 08:32:24 | 00,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\hkcmd.exe
     PRC - [2005/09/20 08:32:16 | 00,159,744 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\igfxsrvc.exe
     PRC - [2005/06/24 13:38:02 | 00,077,914 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
     PRC - [2005/06/24 13:36:40 | 00,729,178 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
     PRC - [2004/04/11 20:15:14 | 00,290,816 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\Media Experience\PCMService.exe
     PRC - [2004/03/15 01:04:00 | 00,122,933 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe
     PRC - [2004/01/12 06:53:30 | 00,360,448 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\ZCfgSvc.exe
     PRC - [2004/01/09 10:12:08 | 00,184,320 | ---- | M] (Intel) -- C:\WINDOWS\SYSTEM32\1XConfig.exe
     PRC - [2004/01/09 10:11:36 | 00,303,171 | ---- | M] (Intel Corporation ) -- C:\WINDOWS\SYSTEM32\S24EvMon.exe
     PRC - [2004/01/09 10:10:00 | 00,122,880 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\RegSrvc.exe
     PRC - [2003/12/13 15:28:04 | 00,630,915 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
     PRC - [2003/12/05 09:58:36 | 00,314,424 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\SYSTEM32\DRIVERS\KodakCCS.exe
     PRC - [2003/09/23 00:20:02 | 00,049,152 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
     PRC - [2003/09/23 00:01:40 | 00,057,344 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
     PRC - [2003/09/22 23:42:00 | 00,303,104 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\SYSTEM32\LEXBCES.EXE
     PRC - [2003/09/22 23:37:18 | 00,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\SYSTEM32\LEXPPS.EXE
     PRC - [2003/06/08 17:48:18 | 00,016,432 | ---- | M] () -- C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
     PRC - [2003/02/04 08:22:30 | 00,181,312 | ---- | M] () -- C:\WINDOWS\SYSTEM32\ScsiAccess.EXE
     ========== Modules (SafeList) ==========
     MOD - [2009/12/18 10:54:40 | 00,564,736 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nick Lateur\Desktop\OTL.exe
     MOD - [2008/07/26 08:25:24 | 00,109,080 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\Temp\logishrd\LVPrcInj01.dll
     MOD - [2002/03/13 07:57:24 | 00,024,576 | ---- | M] (BackWeb) -- C:\Documents and Settings\Nick Lateur\Local Settings\TempIadHide3.dll
     ========== Win32 Services (SafeList) ==========
     SRV - File not found [Auto | Stopped] -- -- (MCVSRte)
     SRV - [2009/07/21 13:34:33 | 00,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
     SRV - [2009/07/02 17:36:52 | 00,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
     SRV - [2009/05/13 15:48:22 | 00,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
     SRV - [2008/11/13 23:24:05 | 00,168,432 | ---- | M] (Google) [Auto | Running] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
     SRV - [2008/07/26 08:25:36 | 00,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
     SRV - [2008/07/26 08:23:42 | 00,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
     SRV - [2007/12/11 12:10:16 | 00,504,104 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
     SRV - [2007/10/31 14:09:16 | 00,110,592 | ---- | M] (Apple, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
     SRV - [2007/06/05 13:20:32 | 00,177,704 | ---- | M] () [Auto | Running] -- C:\WINDOWS\SYSTEM32\PSIService.exe -- (ProtexisLicensing)
     SRV - [2007/03/07 14:47:46 | 00,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
     SRV - [2006/09/07 10:05:16 | 00,053,248 | ---- | M] (GE Security Supra) [Auto | Running] -- c:\Program Files\GE Security Supra\SyncService.exe -- (DkeySync)
     SRV - [2004/10/22 02:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
     SRV - [2004/07/15 01:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state)
     SRV - [2004/01/09 10:11:36 | 00,303,171 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\WINDOWS\SYSTEM32\S24EvMon.exe -- (S24EventMonitor)
     SRV - [2004/01/09 10:10:00 | 00,122,880 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\RegSrvc.exe -- (RegSrvc)
     SRV - [2003/12/05 09:58:36 | 00,314,424 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\KodakCCS.exe -- (KodakCCS)
     SRV - [2003/09/22 23:42:00 | 00,303,104 | ---- | M] (Lexmark International, Inc.)
[Auto | Running] -- C:\WINDOWS\SYSTEM32\LEXBCES.EXE -- (LexBceS) SRV - [2003/07/28 11:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2003/04/29 14:29:54 | 00,139,264 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc) SRV - [2003/02/04 08:22:30 | 00,181,312 | ---- | M] () [Auto | Running] -- C:\WINDOWS\SYSTEM32\ScsiAccess.EXE -- (ScsiAccess) ========== Driver Services (SafeList) ========== DRV - [2009/12/17 13:21:21 | 00,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgntflt.sys -- (avgntflt) DRV - [2009/06/18 18:48:04 | 00,142,832 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\MpFilter.sys -- (MpFilter) DRV - [2009/05/11 09:12:24 | 00,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssmdrv.sys -- (ssmdrv) DRV - [2009/03/30 09:33:07 | 00,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avipbb.sys -- (avipbb) DRV - [2009/02/13 11:35:05 | 00,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008/07/26 09:26:56 | 00,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\lvuvcflt.sys -- (FilterService) DRV - [2008/07/26 09:26:44 | 04,658,584 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\lvuvc.sys -- (LVUVC) Logitech QuickCam S5500(UVC) DRV - [2008/07/26 09:26:22 | 00,041,752 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\LVUSBSta.sys -- (LVUSBSta) DRV - [2008/07/26 09:25:48 | 00,627,864 | R--- | M] (Logitech Inc.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\lvrs.sys -- (LVRS) DRV - [2008/07/26 08:25:02 | 00,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LVPr2Mon.sys -- (LVPr2Mon) DRV - [2008/05/20 19:33:50 | 00,022,784 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\RimUsb.sys -- (RimUsb) DRV - [2008/04/13 12:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM) DRV - [2008/04/13 12:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp) DRV - [2008/04/13 12:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp) DRV - [2007/11/13 04:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys -- (Secdrv) DRV - [2007/10/31 14:09:14 | 00,030,464 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbaapl.sys -- (USBAAPL) DRV - [2007/02/25 11:10:48 | 00,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv) DRV - [2007/01/18 10:24:58 | 00,026,496 | R--- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\RimSerial.sys -- (RimVSerPort) DRV - [2007/01/18 10:24:58 | 00,026,496 | R--- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\RimSerial.sys -- (RimSerPort) DRV - [2006/10/05 15:07:28 | 00,004,736 | ---- | M] (Gteko Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct) DRV - [2006/09/19 14:44:04 | 00,015,664 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM) DRV - [2006/09/07 10:00:18 | 00,089,808 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\slabser.sys -- (slabser) DRV - [2006/09/07 10:00:18 | 00,055,312 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\slabbus.sys -- (slabbus) DisplayKEY USB Cradle driver (WDM) DRV - [2005/09/20 09:00:54 | 01,302,332 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ialmnt5.sys -- (ialm) DRV - [2005/06/24 13:19:52 | 00,190,560 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\SynTP.sys -- (SynTP) DRV - [2005/04/08 22:45:40 | 00,020,576 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20) DRV - [2004/11/18 00:55:33 | 00,014,037 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x) DRV - [2004/08/04 05:00:00 | 00,023,424 | ---- | M] (MCCI) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\czryfxbg.sys -- (czryfxbg) DRV - [2004/08/04 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS -- (Ptilink) DRV - [2004/08/04 05:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ROOTMDM.SYS -- (ROOTMODEM) DRV - [2004/08/03 22:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NV4_MINI.SYS -- (nv) DRV - [2004/04/23 09:59:44 | 00,044,032 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp) DRV - [2004/03/18 12:01:24 | 00,066,816 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\tifm.sys -- (tifm) DRV - [2004/03/15 01:04:00 | 00,100,597 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa) DRV - [2004/03/15 01:04:00 | 00,098,580 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf) DRV - [2004/03/15 01:04:00 | 00,085,972 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs) DRV - [2004/03/15 01:04:00 | 00,034,837 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs) DRV - [2004/03/15 01:04:00 | 00,025,685 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio) DRV - [2004/03/15 01:04:00 | 00,014,229 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio) DRV - [2004/03/15 01:04:00 | 00,006,357 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool) DRV - [2004/03/15 01:04:00 | 00,004,117 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct) DRV - [2004/03/15 01:04:00 | 
00,002,233 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres) DRV - [2004/02/27 02:56:00 | 00,040,480 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm) DRV - [2004/02/13 10:46:00 | 00,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci) DRV - [2004/02/13 03:21:00 | 00,086,160 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb) DRV - [2004/01/19 17:28:48 | 00,256,688 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\stac97.sys -- (STAC97) Audio Driver (WDM) DRV - [2004/01/14 19:18:16 | 00,005,621 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5) DRV - [2004/01/14 19:18:04 | 00,023,219 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln) DRV - [2004/01/13 02:41:46 | 02,482,176 | ---- | M] (Intel
  14. Hello, I have an infection that never gets eliminated. I can run the check and fix, but it always comes up with them again. Below is the log file from the most recent scan. The results show "no action taken" because I copied the log prior to restarting. Has anyone seen this particular issue? Thanks, Darin

===============================================================

Malwarebytes' Anti-Malware 1.42
Database version: 3382
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/18/2009 9:01:53 AM
mbam-log-2009-12-18 (09-01-44).txt

Scan type: Full Scan (C:\|)
Objects scanned: 217334
Time elapsed: 4 hour(s), 21 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Documents and Settings/Nick Lateur/Local Settings/Temp/pivvfjza.dat (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pivvfjza.dat (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pivvfjza.dat (Rootkit.Agent) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Nick Lateur\Local Settings\Temp\pivvfjza.dat (Rootkit.Agent) -> No action taken.