pablissimo

  1. So here is the log from the MBAM quick scan - looks clean so I am happy. But still paranoid. I'm having some trouble deciding how to reformat and reinstall the operating system on my old virut-infested netbook because it came with XP preinstalled and it has no external drive (well, a USB port). Not sure if you have any other suggestions since that link to the MIT webpage is dead, but anything is appreciated. Here is the logfile - thanks again.

     Malwarebytes' Anti-Malware 1.45
     www.malwarebytes.org
     Database version: 3930
     Windows 5.1.2600 Service Pack 3
     Internet Explorer 8.0.6001.18702
     3/29/2010 10:26:31 PM
     mbam-log-2010-03-29 (22-26-31).txt
     Scan type: Quick scan
     Objects scanned: 99716
     Time elapsed: 8 minute(s), 43 second(s)
     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0
     Memory Processes Infected: (No malicious items detected)
     Memory Modules Infected: (No malicious items detected)
     Registry Keys Infected: (No malicious items detected)
     Registry Values Infected: (No malicious items detected)
     Registry Data Items Infected: (No malicious items detected)
     Folders Infected: (No malicious items detected)
     Files Infected: (No malicious items detected)
  2. Shoot, that doesn't sound like good news. I have a question - is it possible that I have infected my other computer with this virus? I had been using the USB to transfer files from the "good" computer to the "bad" computer since I could not run Firefox or IE. Is there a great risk that my good computer has been infected as well? It appears to be working well and no programs have any issues. Just in case I ran rkill and combofix; the log is attached below. It has AVG 9, Spybot, and Teatimer running. Recent scans with AVG, MBAM, and SAS all turned up negative. Anyhow, this is just b/c I am so paranoid about that nasty old bug virut. Ok, well, now I'm off to back up and then format my hard drive. When you have a chance to comment on the logfile below, that would be great. Thanks for your help, Pablissimo

     ComboFix 10-03-29.02 - Administrator 03/29/2010 20:43:29.1.1 - x86
     Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.186 [GMT -4:00]
     Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
     AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
     FW: Online Armor Firewall *enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
     WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     c:\documents and settings\Administrator\My Documents\ZbThumbnail.info
     c:\recycler\S-1-5-21-839522115-854245398-1801674531-500
     c:\windows\system32\nsprs.dll
     c:\windows\system32\serauth1.dll
     c:\windows\system32\serauth2.dll
     c:\windows\system32\ssprs.dll
  3. Ok, well, I was able to load the computer in both safe mode and regular mode, but on both occasions all of the different versions of Combo-Fix will not run. They all come up with a message saying they are compromised by a virus named "virut", and a fresh copy should be downloaded. I tried downloading fresh copies from my other computer onto USB and restarting the computer, reloading rkill and Combo-Fix, but rkill will not complete its program and Combo-Fix always comes up as "compromised by virut". This was attempted in both safe mode and regular mode.
  4. I restarted it with the "last known good configuration" but it still hangs up at the same point. Aargh!
  5. Ok, so now I tried to restart my laptop and it does not go past the point that I mentioned (goes through login but shows desktop only without any icons). I have tried to reboot a few times and have gotten hung up on the same screen. There is a choice early on in the boot sequence to go through the Microsoft Recovery Console although I haven't tried it. Any other suggestions?
  6. Hi Kenny94, Thanks for your help. So I downloaded and ran the rkill programs that you listed after disabling all scanners, antivirus programs, and firewalls. After running all of them, they ended with a popup box saying "c:\rkill.log Access is denied." I am not sure if this means success or failure, or something else, but I figured it might be worth mentioning. I downloaded and ran Combo-Fix.exe, which initially brought up a popup that said to note the following file that was attaching itself when I opened Combo-Fix: c:\Documents and settings\Paul\localsettings\application data\windows server\iocimd.dll Then Combo-Fix required download of Microsoft Windows Recovery Console, which it says was not present. After this, the scan for malware began. Shortly afterwards, it announced that there was rootkit activity and that a reboot was necessary. After reboot the computer ran through the welcome screen and password login, but after I logged in it stopped running. The desktop image is present, but none of the icons, files, programs, toolbars, or anything else are present. There does not seem to be any activity on the hard drive either. What should I do here?
  7. So my wife's laptop was infected by some sort of scareware program. I downloaded and used Malwarebytes to fix it (I think - computer seems to be running fine now), but in the process my laptop ended up infected with something that I can't seem to remove. I am not really computer savvy, so I need a hand. I looked over the "I'm infected - What do I do now?" guide for my wife's computer and tried the fixes on there for my laptop, but to no avail. So I am here. I have run Malwarebytes and Spybot which have consistently pulled up tons of problems. Every time I "fix" the issues, the computer needs to be rebooted and more stuff comes up. I shut off my wifi to prevent anything from being transferred in/out, and have used my wife's laptop with a USB to transfer any files. My firewall is blocking tons of new program openings and it just seems to be getting worse with every reboot. One of the other issues is that I cannot access the control panels and many of the programs that are recommended do not run. Not really sure why but I do know that I need help. Oh no, as I was just writing this message, I got a blue screen of death. Ok, so here are the log files that I pulled from my laptop from Hijackthis and Malwarebytes. I have been extremely busy at work so I may not be able to respond very quickly in between posts, but I will work as fast as I can to try to move things along. By the way, my computer is a little MSI Wind Netbook. There is no CD-ROM (I have an external drive that is disconnected), just wifi and USB. Thank you in advance for any help you can provide!
     Malwarebytes' Anti-Malware 1.44
     Database version: 3913
     Windows 5.1.2600 Service Pack 3
     Internet Explorer 7.0.5730.13
     3/28/2010 6:33:49 PM
     mbam-log-2010-03-28 (18-33-44).txt
     Scan type: Quick Scan
     Objects scanned: 116378
     Time elapsed: 6 minute(s), 17 second(s)
     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 1
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 1
     Files Infected: 6
     Memory Processes Infected: (No malicious items detected)
     Memory Modules Infected: (No malicious items detected)
     Registry Keys Infected:
     HKEY_CURRENT_USER\SOFTWARE\Protection System (Rogue.ProtectionSystem) -> No action taken.
     Registry Values Infected: (No malicious items detected)
     Registry Data Items Infected: (No malicious items detected)
     Folders Infected:
     C:\Program Files\Protection System (Rogue.ProtectionSystem) -> No action taken.
     Files Infected:
     C:\WINDOWS\Temp\VRT2.tmp (Trojan.FakeAlert) -> No action taken.
     C:\WINDOWS\Temp\VRT3.tmp (Spyware.OnlineGames) -> No action taken.
     C:\WINDOWS\Temp\VRT4.tmp (Malware.Packer.Gen) -> No action taken.
     C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\PE709EH4\abb[1].txt (Malware.Packer.Gen) -> No action taken.
     C:\WINDOWS\SC.INS (Trojan.FakeAlert) -> No action taken.
     C:\Program Files\Internet Explorer\js.mui (Trojan.Downloader) -> No action taken.