"Rootkit virus has inserted itself into your ip/tcp stack!"..mbam & combofix logs attached
02-06-2012, 06:58 PM
Problem: Had a virus pop up on my anti-virus and malware removers a couple of weeks ago. Combofix identifies the virus as a "Rootkit.zeroaccess virus that has inserted itself into the ip/tcp stack" but is unable to remove it, as it continues to identify it every time I have run it, up to the posting of this thread.
Currently MBAM is saying I have 0 infected files the last few times I have run it, after removing a lot a couple of weeks ago. Avast free edition results of scan also say I have 0 viruses.
My avast won't update, though; when I click to update the virus database or program version it says "error: cannot connect to server". As well, I tried downloading Spyware Doctor and running it, but it displays an error every time I try to install.
Other than Combofix, MBAM, avast and SUPERAntiSpyware, I also ran Kaspersky Rescue Disk about a week ago, which deleted the system file identified in the Combofix log below. Regarding Kaspersky Rescue Disk, I did not hook my computer up to an Ethernet connection when I ran it, so it was not able to update, and I have yet to run an updated version of Kaspersky Rescue Disk.
Any recommendations on what I should do? Thank you for your help
I will attach the Combofix and MBAM log in the next 2 posts.
Last edited by cberasi; 02-06-2012 at 07:27 PM.
02-06-2012, 06:59 PM
ComboFix 12-02-03.02 - Chris 02/04/2012 0:54.6.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1577 [GMT -5:00]
Running from: c:\documents and settings\Chris\Desktop\Duncanator.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
.
c:\windows\system32\drivers\usbhub.sys . . . is infected!! . . . Failed to find a valid replacement.
c:\windows\system32\drivers\i8042prt.sys . . . is missing!!
.
.
((((((((((((((((((((((((( Files Created from 2012-01-04 to 2012-02-04 )))))))))))))))))))))))))))))))
.
.
2012-02-04 05:02 . 2012-02-04 05:02 -------- d-----w- c:\program files\Apple Software Update
2012-02-03 23:59 . 2011-12-01 21:07 909728 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2012-02-03 23:59 . 2011-12-01 21:07 342168 ----a-w- c:\windows\system32\drivers\pctDS.sys
2012-02-03 23:59 . 2011-11-14 20:12 331880 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2012-02-03 23:59 . 2011-11-14 20:12 162584 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2012-02-03 23:59 . 2012-02-03 23:59 -------- d-----w- c:\program files\Common Files\PC Tools
2012-02-03 23:59 . 2012-01-11 21:19 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-02-03 23:58 . 2012-02-03 23:58 -------- d-----w- c:\documents and settings\Chris\Application Data\TestApp
2012-02-03 23:58 . 2012-02-03 23:58 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2012-02-03 23:56 . 2012-01-29 15:55 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2012-02-03 23:56 . 2012-01-29 13:36 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-02-03 23:56 . 2012-01-29 15:55 45016 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-02-03 23:56 . 2012-01-29 13:36 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-02-03 23:56 . 2012-01-29 13:36 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-26 01:11 . 2012-01-26 01:11 -------- d-----w- c:\program files\SpywareBlaster
2012-01-18 23:05 . 2011-11-28 17:53 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-01-18 23:05 . 2011-11-28 17:52 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-01-18 23:05 . 2011-11-28 17:51 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-01-18 23:05 . 2011-11-28 17:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-01-18 23:05 . 2011-11-28 17:52 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-01-18 23:05 . 2011-11-28 17:52 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-01-18 23:05 . 2011-11-28 17:51 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-01-18 23:05 . 2011-11-28 17:48 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-01-18 23:05 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr
2012-01-18 23:05 . 2011-11-28 18:01 199816 ----a-w- c:\windows\system32\aswBoot.exe
2012-01-18 22:40 . 2012-01-18 22:40 -------- d-sh--w- c:\documents and settings\Chris\IECompatCache
2012-01-12 23:42 . 2012-01-12 23:42 -------- d-----w- c:\documents and settings\Chris\Local Settings\Application Data\WinZip
2012-01-12 22:58 . 2012-01-12 22:58 -------- d-----w- C:\found.001
2012-01-12 22:15 . 2012-01-12 22:43 -------- d-----w- C:\ComboFix
2012-01-12 18:52 . 2012-01-18 17:21 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2012-01-12 05:12 . 2012-01-18 23:05 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2012-01-12 05:12 . 2012-01-12 05:12 -------- d-----w- c:\program files\AVAST Software
2012-01-12 02:58 . 2012-01-12 02:58 -------- d-sh--w- c:\documents and settings\Default User\PrivacIE
2012-01-12 02:53 . 2012-01-19 05:32 -------- d-----w- c:\program files\FA14D
2012-01-12 02:53 . 2012-01-12 02:53 -------- d-----w- C:\6EBFA
2012-01-12 02:38 . 2012-01-12 02:38 -------- d-----w- c:\documents and settings\Chris\Local Settings\Application Data\PCHealth
2012-01-11 03:16 . 2012-01-11 03:16 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\SanctionedMedia
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-03 02:44 . 2011-10-11 02:16 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-10 20:24 . 2010-02-17 20:53 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-25 21:57 . 2008-04-25 16:16 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:29 . 2008-04-25 16:16 1868544 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2008-04-25 16:16 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2008-04-25 16:16 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2008-04-25 16:16 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-10 10:54 . 2010-09-01 01:16 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-10 08:27 . 2009-05-20 19:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-01-29 15:55 . 2012-02-03 23:56 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-14 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys
.
[-] 2008-04-14 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys
.
[-] 2008-04-14 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys
.
[-] 2008-04-14 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\system32\ReinstallBackups\0016\DriverFiles\i386\kbdclass.sys
[-] 2008-04-14 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\kbdclass.sys
[-] 2008-04-14 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys
.
[-] 2008-04-14 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys
.
[-] 2008-04-14 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys
.
[-] 2008-04-14 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys
.
[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-04-14 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
.
[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\browser.dll
.
[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe
.
[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll
.
[-] 2008-04-14 12:00 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
.
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll
.
[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll
[-] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\rpcss.dll
.
[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\services.exe
[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\services.exe
[-] 2009-02-06 . 020CEAAEDC8EB655B6506B8C70D53BB6 . 110592 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\services.exe
.
[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
.
[-] 2008-04-14 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ipsec.sys
.
[-] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
[-] 2010-08-23 . 736B12B725AEB2B07F0241A9F680CB10 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
[-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\$NtUninstallKB2296011$\comctl32.dll
[-] 2008-04-14 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[-] 2008-04-14 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
.
[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll
.
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll
[-] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
.
[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll
.
[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\kernel32.dll
[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\dllcache\kernel32.dll
[-] 2009-03-21 . DA11D9D6ECBDF0F93436A4B7C13F7BEC . 991744 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB959426$\kernel32.dll
.
[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll
.
[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll
.
[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll
[-] 2008-04-14 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
[-] 2008-04-14 . D7075E95AA599EE77B7A89D39296BD3D . 343040 . . [7.0.2600.5512] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll
.
[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\$NtUninstallKB2509553$\mswsock.dll
[-] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\mswsock.dll
[-] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
[-] 2008-06-20 . 943337D786A56729263071623BBB9DE5 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll
[-] 2008-06-20 . 943337D786A56729263071623BBB9DE5 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll
[-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\mswsock.dll
.
[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll
.
[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll
.
[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll
.
[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll
.
[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
.
[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll
.
[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
.
[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
.
[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll
.
[-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\ws2help.dll
.
[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
.
[-] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\regedit.exe
.
[-] 2010-04-16 . 9E03DC5AB51CFD0190541CE2038D819D . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\usp10.dll
[-] 2010-04-16 . 9E03DC5AB51CFD0190541CE2038D819D . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\dllcache\usp10.dll
[-] 2010-04-16 . F8894BCC961D461674002B4BAE7AECC1 . 406016 . . [1.0420.2600.5969] . . c:\windows\$hf_mig$\KB981322\SP3QFE\usp10.dll
[-] 2008-04-14 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . c:\windows\$NtUninstallKB981322$\usp10.dll
.
[-] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\system32\ksuser.dll
[-] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\system32\dllcache\ksuser.dll
[-] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\system32\ReinstallBackups\0022\DriverFiles\i386\ksuser.dll
[-] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\system32\ReinstallBackups\0023\DriverFiles\i386\ksuser.dll
.
[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
.
[-] 2009-07-27 . 99BC0B50F511924348BE19C7C7313BBF . 135168 . . [6.00.2900.5853] . . c:\windows\system32\shsvcs.dll
[-] 2009-07-27 . 99BC0B50F511924348BE19C7C7313BBF . 135168 . . [6.00.2900.5853] . . c:\windows\system32\dllcache\shsvcs.dll
[-] 2009-07-27 . 888CD7B39C37E13A2419BECFAAF0A28C . 135168 . . [6.00.2900.5853] . . c:\windows\$hf_mig$\KB971029\SP3QFE\shsvcs.dll
[-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\$NtUninstallKB971029$\shsvcs.dll
.
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
.
[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
.
[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
.
[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll
.
[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
[-] 2008-04-14 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ipsec.sys
.
[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll
.
[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll
.
[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll
.
[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll
.
[-] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll
.
[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\system32\appmgmts.dll
.
[-] 2008-04-14 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys
.
[-] 2008-04-14 10:09 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\dllcache\aec.sys
[-] 2008-04-14 10:09 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys
.
[-] 2008-04-14 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\drivers\AGP440.SYS
.
[-] 2008-04-14 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys
.
[-] 2010-09-18 07:18 . 842900DEDBC8E3E8DBCCCB298FD88F65 . 953856 . . [4.1.6151] . . c:\windows\$hf_mig$\KB2387149\SP3QFE\mfc40u.dll
[-] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\windows\system32\mfc40u.dll
[-] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\windows\system32\dllcache\mfc40u.dll
[-] 2008-04-14 12:00 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\$NtUninstallKB2387149$\mfc40u.dll
.
[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll
.
[-] 2008-04-14 12:00 . C7E39EA41233E9F5B86C8DA3A9F1E4A8 . 52224 . . [9.0.1.56] . . c:\windows\system32\mspmsnsv.dll
.
[-] 2008-04-14 12:00 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll
.
[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll
.
[-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dsound.dll
.
[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll
.
[-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\system32\ddraw.dll
.
[-] 2008-04-14 12:00 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\olepro32.dll
.
[-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\system32\perfctrs.dll
.
[-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\version.dll
.
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
.
[-] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\system32\w32time.dll
.
[-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\system32\wiaservc.dll
.
[-] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\midimap.dll
.
[-] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\system32\rasadhlp.dll
.
((((((((((((((((((((((((((((( SnapShot_2012-01-12_22.38.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-04 05:53 . 2012-02-04 05:53 16384 c:\windows\temp\Perflib_Perfdata_314.dat
- 2008-04-25 16:16 . 2008-04-14 12:00 23040 c:\windows\system32\mciseq.dll
+ 2008-04-25 16:16 . 2011-10-14 14:47 23040 c:\windows\system32\mciseq.dll
+ 2011-11-18 12:35 . 2011-11-18 12:35 60416 c:\windows\system32\dllcache\packager.exe
+ 2011-10-14 14:47 . 2011-10-14 14:47 23040 c:\windows\system32\dllcache\mciseq.dll
+ 2012-01-12 23:41 . 2012-01-12 23:41 29184 c:\windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240C6}\IconCD95F6617.exe
+ 2012-02-04 05:02 . 2012-02-04 05:02 27136 c:\windows\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\AppleSoftwareUpdateIco.exe
+ 2008-04-25 16:16 . 2011-10-14 14:47 176128 c:\windows\system32\winmm.dll
- 2008-04-25 16:16 . 2008-04-14 12:00 176128 c:\windows\system32\winmm.dll
- 2008-04-25 16:16 . 2008-04-14 12:00 386048 c:\windows\system32\qdvd.dll
+ 2008-04-25 16:16 . 2011-11-03 15:28 386048 c:\windows\system32\qdvd.dll
+ 2012-02-03 02:44 . 2012-02-03 02:44 247968 c:\windows\system32\Macromed\Flash\FlashUtil11e_Plugin.exe
- 2011-07-06 17:43 . 2011-05-04 08:52 157472 c:\windows\system32\javaws.exe
+ 2012-01-18 22:15 . 2011-11-10 10:54 157472 c:\windows\system32\javaws.exe
+ 2012-01-18 22:15 . 2011-11-10 10:54 149280 c:\windows\system32\javaw.exe
+ 2012-01-18 22:15 . 2011-11-10 10:54 149280 c:\windows\system32\java.exe
- 2010-06-18 17:45 . 2011-06-20 17:44 293376 c:\windows\system32\dllcache\winsrv.dll
+ 2010-06-18 17:45 . 2011-11-25 21:57 293376 c:\windows\system32\dllcache\winsrv.dll
+ 2011-10-14 14:47 . 2011-10-14 14:47 176128 c:\windows\system32\dllcache\winmm.dll
- 2008-12-16 12:30 . 2009-08-25 09:17 354816 c:\windows\system32\dllcache\winhttp.dll
+ 2008-12-16 12:30 . 2011-11-16 14:21 354816 c:\windows\system32\dllcache\winhttp.dll
+ 2008-12-05 06:54 . 2011-11-16 14:21 152064 c:\windows\system32\dllcache\schannel.dll
+ 2011-11-03 15:28 . 2011-11-03 15:28 386048 c:\windows\system32\dllcache\qdvd.dll
+ 2012-01-18 22:15 . 2012-01-18 22:15 203776 c:\windows\Installer\7cc1e.msi
+ 2012-01-24 22:47 . 2012-01-24 22:47 248832 c:\windows\Installer\1d3fadf6.msi
+ 2012-01-12 23:41 . 2012-01-12 23:41 632320 c:\windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240C6}\IconCD95F66110.exe
+ 2008-04-25 16:16 . 2011-11-03 15:28 1292288 c:\windows\system32\quartz.dll
+ 2009-07-18 03:21 . 2012-02-03 02:44 8527008 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2009-05-20 19:46 . 2011-11-03 15:28 1292288 c:\windows\system32\dllcache\quartz.dll
+ 2012-01-12 23:41 . 2012-01-12 23:41 1734656 c:\windows\Installer\188315.msi
+ 2012-02-04 05:02 . 2012-02-04 05:02 1769984 c:\windows\Installer\1053ea7.msi
+ 2012-01-03 17:58 . 2012-01-03 17:58 15929344 c:\windows\Installer\32484.msp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"F.lux"="c:\documents and settings\Chris\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-08-18 16806912]
"8169Diag"="c:\program files\Realtek\Diagnostics Utility\8169Diag.exe" [2008-02-26 909312]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-12-04 186904]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"KeePass 2 PreLoad"="c:\program files\KeePass Password Safe 2\KeePass.exe" [2011-01-02 1670656]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
.
c:\documents and settings\Chris\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-6-26 813584]
REALTEK RTL8187 Wireless LAN Utility.lnk - c:\program files\Realtek\RTL8187 Wireless LAN Utility\RtWLan.exe [2010-6-26 815104]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 16:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\RVG Software\\Holdem Manager\\HoldemManager.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2/3/2012 6:59 PM 331880]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2/3/2012 6:59 PM 342168]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2/3/2012 6:59 PM 909728]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [1/18/2012 6:05 PM 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/18/2012 6:05 PM 314456]
R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [2/3/2012 6:59 PM 185560]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/18/2012 6:05 PM 20568]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [6/26/2010 4:29 PM 38144]
R2 LANPkt;Realtek LANPkt Protocol Driver;c:\windows\system32\drivers\LANPkt.sys [5/20/2009 2:49 PM 8960]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [6/26/2010 4:21 PM 10384]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [3/13/2009 5:50 AM 65536]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [6/7/2009 10:24 PM 24652]
R3 CompFilter;UVCCompositeFilter;c:\windows\system32\drivers\lvbusflt.sys [11/9/2010 9:46 PM 20704]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [6/17/2009 11:55 AM 40720]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [6/17/2009 11:55 AM 10384]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8187.sys [6/26/2010 4:29 PM 332928]
S3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys [5/20/2009 2:50 PM 11264]
S3 PCTSFileEnum;PCTSFileEnum;c:\program files\PC Tools\DMScanning\PCTSFiles.exe --> c:\program files\PC Tools\DMScanning\PCTSFiles.exe [?]
S3 PCX500;Cisco Wireless LAN Adapters Driver;c:\windows\system32\drivers\pcx500.sys [6/7/2009 9:39 PM 169984]
S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [5/20/2009 2:49 PM 16640]
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2009-06-08 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2008-06-10 19:56]
.
2009-06-08 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job
- c:\program files\Microsoft IntelliType Pro\itype.exe [2008-06-10 19:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\jpu1lgb8.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 64808
FF - prefs.js: network.proxy.type - 4
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-04 01:09
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,79,3e,5a,81,61,0b,22,46,85,1b,3a,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,79,3e,5a,81,61,0b,22,46,85,1b,3a,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(844)
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
Completion time: 2012-02-04 01:16:40
ComboFix-quarantined-files.txt 2012-02-04 06:16
ComboFix2.txt 2012-01-13 01:16
ComboFix3.txt 2012-01-12 22:43
ComboFix4.txt 2012-01-12 05:01
ComboFix5.txt 2012-01-13 03:17
.
Pre-Run: 131,765,112,832 bytes free
Post-Run: 131,822,505,984 bytes free
.
- - End Of File - - D8E11D4EE8A05B935D4ACE1BC9593D3D
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2/3/2012 6:59 PM 331880]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2/3/2012 6:59 PM 342168]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2/3/2012 6:59 PM 909728]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.s ys [1/18/2012 6:05 PM 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/18/2012 6:05 PM 314456]
R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [2/3/2012 6:59 PM 185560]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswF sBlk.sys [1/18/2012 6:05 PM 20568]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [6/26/2010 4:29 PM 38144]
R2 LANPkt;Realtek LANPkt Protocol Driver;c:\windows\system32\drivers\LANPkt.sys [5/20/2009 2:49 PM 8960]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepK E.sys [6/26/2010 4:21 PM 10384]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [3/13/2009 5:50 AM 65536]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [6/7/2009 10:24 PM 24652]
R3 CompFilter;UVCCompositeFilter;c:\windows\system32\ drivers\lvbusflt.sys [11/9/2010 9:46 PM 20704]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [6/17/2009 11:55 AM 40720]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [6/17/2009 11:55 AM 10384]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8187.sys [6/26/2010 4:29 PM 332928]
S3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys [5/20/2009 2:50 PM 11264]
S3 PCTSFileEnum;PCTSFileEnum;c:\program files\PC Tools\DMScanning\PCTSFiles.exe --> c:\program files\PC Tools\DMScanning\PCTSFiles.exe [?]
S3 PCX500;Cisco Wireless LAN Adapters Driver;c:\windows\system32\drivers\pcx500.sys [6/7/2009 9:39 PM 169984]
S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [5/20/2009 2:49 PM 16640]
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2009-06-08 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2008-06-10 19:56]
.
2009-06-08 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job
- c:\program files\Microsoft IntelliType Pro\itype.exe [2008-06-10 19:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\jpu1lgb8.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US

FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 64808
FF - prefs.js: network.proxy.type - 4
.
.
************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-04 01:09
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,79,3e,5a,81,61,0b,22,46,85,1b,3a,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,79,3e,5a,81,61,0b,22,46,85,1b,3a,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(844)
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
Completion time: 2012-02-04 01:16:40
ComboFix-quarantined-files.txt 2012-02-04 06:16
ComboFix2.txt 2012-01-13 01:16
ComboFix3.txt 2012-01-12 22:43
ComboFix4.txt 2012-01-12 05:01
ComboFix5.txt 2012-01-13 03:17
.
Pre-Run: 131,765,112,832 bytes free
Post-Run: 131,822,505,984 bytes free
.
- - End Of File - - D8E11D4EE8A05B935D4ACE1BC9593D3D
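The ComboFix log above records a Firefox profile whose `network.proxy.http` is `127.0.0.1` on port `64808`, which is the local-proxy redirection the original poster later describes. The script below is an added example, not part of the thread and not ComboFix's own code: it parses the `user_pref()` lines of a prefs.js (ComboFix summarises the same values as `FF - prefs.js: ...`) and flags any manual proxy that points at the loopback interface, distinguishing an active setting (`network.proxy.type` 1) from one left dormant. The sample prefs.js is constructed from the values in the log (with the defanged `hxxp` restored to `http`).

```python
"""Flag Firefox proxy settings that route browser traffic through a local process.

Added example for this thread; not ComboFix code. The prefs.js fragment below
is constructed from the values the ComboFix log reports for this profile.
"""
import re

# Firefox network.proxy.type values (Mozilla's documented constants).
PROXY_TYPE = {0: "direct", 1: "manual", 2: "PAC URL", 4: "auto-detect (WPAD)", 5: "system"}
LOOPBACK = {"127.0.0.1", "localhost", "::1"}
SCHEMES = ("http", "ssl", "ftp", "socks")

PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')


def parse_prefs(text):
    """Parse user_pref() lines into {name: value}; strings unquoted, ints and bools converted."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.group(1), m.group(2).strip()
        if len(raw) >= 2 and raw[0] == raw[-1] == '"':
            prefs[name] = raw[1:-1]
        elif raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
        else:
            prefs[name] = raw
    return prefs


def proxy_findings(prefs):
    """Return a list of findings about proxy settings that redirect browser traffic locally."""
    findings = []
    ptype = prefs.get("network.proxy.type", 5)  # Firefox default: 5, use system proxy settings
    mode = PROXY_TYPE.get(ptype, "unknown")
    for scheme in SCHEMES:
        host = prefs.get("network.proxy.%s" % scheme)
        if not host:
            continue
        port = prefs.get("network.proxy.%s_port" % scheme, 0)
        if host in LOOPBACK:
            msg = "manual %s proxy points at loopback %s:%s" % (scheme, host, port)
            if ptype == 1:
                msg += "; it is ACTIVE (network.proxy.type=1), so a local process is relaying browser traffic"
            else:
                msg += ("; currently dormant (network.proxy.type=%s, %s) but it takes effect again "
                        "the moment type is set back to 1" % (ptype, mode))
            findings.append(msg)
    if ptype == 2:
        findings.append("PAC script in use: %s" % prefs.get("network.proxy.autoconfig_url", "<unset>"))
    return findings


# Constructed prefs.js fragment using the values from the ComboFix log above.
SAMPLE_PREFS = '''
user_pref("browser.startup.homepage", "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US");
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 64808);
user_pref("network.proxy.type", 4);
'''

if __name__ == "__main__":
    for finding in proxy_findings(parse_prefs(SAMPLE_PREFS)):
        print("[!]", finding)
```

On the profile in the log the finding is reported as dormant: type 4 means auto-detect, which is consistent with the poster having changed the proxy mode by hand while the `127.0.0.1:64808` values stayed in prefs.js. Removing the `network.proxy.http*` entries (or resetting them in Options) is what actually clears the leftover.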
02-06-2012
, 07:01 PM
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org
Database version: v2012.02.04.01
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Chris :: CBDTOP [administrator]
2/4/2012 1:18:24 AM
mbam-log-2012-02-04 (01-18-24).txt
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 294056
Time elapsed: 38 minute(s),
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
02-08-2012
, 03:41 AM
Join Date: Jan 2012
Posts: 871
Is it possible you have an unknown worm running that is hiding itself in the background and blocking access to your antivirus software?
Watch this video and tell me if it sounds similar to what you've experienced: youtube vid how koobface works
FYI, if you're a Windows 7/Vista user and don't know how to open the command prompt mentioned in the video, hold down the Shift key and right-click at the same time to select "Open command window here".
02-08-2012
, 05:18 PM
It sounds like I have something similar, as I had the same problem noted in some of the YouTube videos related to the one you posted: my Mozilla Firefox was changed to try to connect to a specific proxy address that kept it from connecting to the internet until I went in and changed it.
I ran the netstat -b command but do not see any programs listed with the same name as the one mentioned in the video you posted; I am not sure if I am reading it correctly though.
When I run the nslookup www.avast.com command I am not sure if it is saying that it can't connect, or how I can remove any settings that may have been altered that are preventing my avast from updating or, for example, not letting me run the Spyware Doctor installation.
Here is what the nslookup www.avast.com command returns:
>nslookup www.avast.com
Server: www.avast.com.neo.rr.com
Address: 72.3.199.7
DNS request timed out.
timeout was 2 seconds
*** Request to www.avast.com timed-out
02-09-2012
, 03:40 AM
Join Date: Jan 2012
Posts: 871
Yeah, it sounded like some form of the Koobface worm to me when I read the OP. I'm not the best with that kind of stuff; I just have a vague sense of how it operates. Let me check with a friend tomorrow and get back to you.
02-09-2012
, 02:32 PM
journeyman
Join Date: Apr 2009
Posts: 397
Download farbar service scanner at http://download.bleepingcomputer.com/farbar/FSS.exe
Press scan. It will create a log FSS.txt in the same directory as the tool. Post log.
02-09-2012
, 06:21 PM
Quote:
Download farbar service scanner at http://download.bleepingcomputer.com/farbar/FSS.exe
Press scan. It will create a log FSS.txt in the same directory as the tool. Post log.
Ran by CB Admin(Do Not Use) (administrator) on 09-02-2012 at 17:22:48
Running from "C:\Documents and Settings\CB Admin(Do Not Use)\My Documents\Downloads"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
System Restore:
============
System Restore Disabled Policy:
========================
Security Center:
============
Windows Update:
===========
File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
Extra List:
=======
AegisP(10) aswTdi(15) Gpc(6) IPSec(4) LANPkt(8) NetBT(5) PSched(7) RTLVLAN(9) Tcpip(3)
0x10000000040000000100000002000000030000000F0000000B0000000C0000000D0000000E0000001000000005000000060000000700000008000000090000000A000000
**** End of log ****
02-09-2012
, 06:22 PM
Also, I just noticed yesterday that my Windows Firewall keeps getting switched from "on" to "not monitored". When I first saw it listed as not monitored I switched it back to on, and it was changed back to not monitored a couple of hours later; not sure how.
02-10-2012
, 02:48 PM
journeyman
Join Date: Apr 2009
Posts: 397
Can you access the Internet on infected pc?
02-10-2012
, 04:26 PM
Yes, the internet works completely fine now. Avast can't connect to update though; it says "error: cannot connect to server".
02-10-2012
, 04:55 PM
journeyman
Join Date: Apr 2009
Posts: 397
Download CCleaner slim (3rd on list) from www.piriform.com/ccleaner/builds
Open the program, click Options > Advanced > uncheck "Only delete files in Windows Temp folders older than 48 hours".
Click Cleaner on the left and run the cleaner. Make sure all browsers are closed first.
Run SUPERAntiSpyware again and post the log. Make sure it's updated.
Open the program, click the Scanning Control tab and make sure only the following are checked:
Close browsers before scanning
Scan for tracking cookies
Terminate memory threats before quarantining
Scan alternate data streams
Leave everything else unchecked.
Go to the main screen, click Scan Computer and choose Complete System Scan. Post the log.
02-10-2012
, 07:34 PM
Thanks for your help
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 02/10/2012 at 06:32 PM
Application Version : 5.0.1144
Core Rules Database Version : 8229
Trace Rules Database Version: 6041
Scan type : Complete Scan
Total Scan Time : 00:39:06
Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator
Memory items scanned : 774
Memory threats detected : 0
Registry items scanned : 36794
Registry threats detected : 0
File items scanned : 80113
File threats detected : 12
Adware.Tracking Cookie
.zedo.com [ C:\DOCUMENTS AND SETTINGS\CB ADMIN(DO NOT USE)\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\88PUK4CE.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\DOCUMENTS AND SETTINGS\CB ADMIN(DO NOT USE)\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\88PUK4CE.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\DOCUMENTS AND SETTINGS\CB ADMIN(DO NOT USE)\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\88PUK4CE.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\DOCUMENTS AND SETTINGS\CB ADMIN(DO NOT USE)\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\88PUK4CE.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\DOCUMENTS AND SETTINGS\CB ADMIN(DO NOT USE)\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\88PUK4CE.DEFAULT\COOKIES.SQLITE ]
.apmebf.com [ C:\DOCUMENTS AND SETTINGS\CB ADMIN(DO NOT USE)\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\88PUK4CE.DEFAULT\COOKIES.SQLITE ]
.apmebf.com [ C:\DOCUMENTS AND SETTINGS\CB ADMIN(DO NOT USE)\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\88PUK4CE.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\CB ADMIN(DO NOT USE)\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\88PUK4CE.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\DOCUMENTS AND SETTINGS\CB ADMIN(DO NOT USE)\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\88PUK4CE.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\DOCUMENTS AND SETTINGS\CB ADMIN(DO NOT USE)\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\88PUK4CE.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\DOCUMENTS AND SETTINGS\CB ADMIN(DO NOT USE)\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\88PUK4CE.DEFAULT\COOKIES.SQLITE ]
.fastclick.net [ C:\DOCUMENTS AND SETTINGS\CB ADMIN(DO NOT USE)\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\88PUK4CE.DEFAULT\COOKIES.SQLITE ]
02-12-2012
, 05:47 PM
Please download SystemLook by jpshortstuff from one of the locations below and save it to your desktop.
Download Mirror #1
Download Mirror #2
- Double-click SystemLook.exe to run it.
- Copy the following text into the main textfield:
Quote:
:filefind
usbhub.sys
i8042prt.sys
- Click the Look button to start the scan.
- When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
02-12-2012
, 10:07 PM
SystemLook 30.07.11 by jpshortstuff
Log created at 21:05 on 12/02/2012 by CB Admin(Do Not Use)
Administrator - Elevation successful
========== filefind ==========
Searching for "usbhub.sys"
C:\WINDOWS\system32\dllcache\usbhub.sys --a--c- 59520 bytes [00:15 14/04/2008] [12:15 14/04/2008] 1AB3CDDE553B6E064D2E754EFE20285C
C:\WINDOWS\system32\drivers\usbhub.sys --a---- 59520 bytes [00:15 14/04/2008] [12:15 14/04/2008] 1AB3CDDE553B6E064D2E754EFE20285C
C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\usbhub.sys --a---- 59520 bytes [02:41 21/05/2009] [12:00 14/04/2008] 1AB3CDDE553B6E064D2E754EFE20285C
C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\usbhub.sys --a---- 59520 bytes [02:41 21/05/2009] [12:15 14/04/2008] 1AB3CDDE553B6E064D2E754EFE20285C
C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\usbhub.sys --a---- 59520 bytes [02:41 21/05/2009] [12:15 14/04/2008] 1AB3CDDE553B6E064D2E754EFE20285C
C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\usbhub.sys --a---- 59520 bytes [02:41 21/05/2009] [12:15 14/04/2008] 1AB3CDDE553B6E064D2E754EFE20285C
C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\i386\usbhub.sys --a---- 59520 bytes [02:41 21/05/2009] [12:15 14/04/2008] 1AB3CDDE553B6E064D2E754EFE20285C
C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\i386\usbhub.sys --a---- 59520 bytes [02:41 21/05/2009] [12:15 14/04/2008] 1AB3CDDE553B6E064D2E754EFE20285C
C:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\i386\usbhub.sys --a---- 59520 bytes [02:41 21/05/2009] [12:15 14/04/2008] 1AB3CDDE553B6E064D2E754EFE20285C
C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\i386\usbhub.sys --a---- 59520 bytes [02:41 21/05/2009] [12:15 14/04/2008] 1AB3CDDE553B6E064D2E754EFE20285C
Searching for "i8042prt.sys "
No files found.
-= EOF =-
02-13-2012
, 06:54 AM
- Please create a new text file in Notepad with the following contents:
Code:
KILLALL::
FCopy::
C:\WINDOWS\system32\dllcache\usbhub.sys | c:\windows\system32\drivers\usbhub.sys
- Save that file as CFScript.txt on your desktop
- Drag and drop the CFScript.txt onto the ComboFix icon, as shown in the animation below.
- If done correctly, ComboFix will start and perform specific instructions
- In doing so, ComboFix may request a reboot
- Please post the contents of Combofix.txt in your next reply
Please download aswMBR by Alwil Software from here and save it to your desktop.
- Double click aswMBR.exe to run the tool
- Click the Scan button to start the scan
- Don't panic if you see any **Rootkit** entries. The tool sometimes produces false alarms.
- Once the scan finishes click Save log to save the log to your desktop
- Copy and paste the contents of this log (aswMBR.txt) into your next reply.
02-13-2012
, 04:19 PM
I cannot get ComboFix to run successfully when I drag and drop the script you referenced. The first time I ran it, the ComboFix box just disappeared while the blue box was listed as completing one of the scanning stages, and the desktop disappeared and remained gone as well. I waited about an hour before restarting, as I was unsure if it was still running. The second time I ran it, it got all of the way through the scan stages and said it needed to reboot, and then the box disappeared; I waited about an hour but the reboot never happened, so I manually restarted and thus no log was produced.
Is this normal, or is ComboFix not working? The other times I used ComboFix it only took about 30 minutes to run and never had a problem, but when I open it by dragging and dropping the above script it seems like it freezes.
Is it freezing, or is it normal for it to take multiple hours to complete when using the script above?
Thanks
02-14-2012
, 03:13 AM
We'll use another tool.
Find this file:
C:\WINDOWS\system32\dllcache\usbhub.sys
And copy it to your C:\ directory.
You now have a file C:\usbhub.sys
Please download The Avenger by Swandog46 from here.
- Unzip the archive avenger.zip to your desktop
- Doubleclick avenger.exe to run the tool
- Do not change any check box options!
- Copy&paste the text below into the Input script here: part of the window:
Quote:
Files to move:
C:\usbhub.sys | c:\windows\system32\drivers\usbhub.sys
- Click the Execute button.
- Click Yes to confirm the action.
- Reboot your computer, either when requested by the tool or manually after it finishes.
- A log file will be produced (C:\avenger.txt), please copy that into your next post.
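The last few posts follow one pattern: SystemLook showed that `dllcache\usbhub.sys` and `drivers\usbhub.sys` carry the same MD5 (`1AB3CDDE...`), and the CFScript and Avenger steps both copy the Windows File Protection copy over the live driver. The script below is an added example, not SystemLook, ComboFix or The Avenger code: it hashes the two copies, restores the live driver from `dllcache` only when they differ, and keeps the suspect file as `.bak` for analysis. The directory tree it runs against is constructed stand-in data, not real driver bytes; on an XP machine the same functions would be pointed at `C:\WINDOWS\system32` from an Administrator account. Note the caveat in the docstring: a loaded kernel driver image is locked, which is why the thread's tools perform the copy during a reboot.

```python
"""Verify a driver against its dllcache (Windows File Protection) copy and restore it.

Added example for this thread; not SystemLook/ComboFix/Avenger code. The tree
built by build_demo_tree() is constructed so the logic can be run offline.
"""
import hashlib
import os
import shutil
import tempfile


def file_md5(path):
    """Hex MD5 of a file, upper-case to match the SystemLook/FSS style of output."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest().upper()


def compare_with_cache(system32, name):
    """Hash <system32>/dllcache/<name> and <system32>/drivers/<name>; return (cache_md5, live_md5, same)."""
    cache_md5 = file_md5(os.path.join(system32, "dllcache", name))
    live_md5 = file_md5(os.path.join(system32, "drivers", name))
    return cache_md5, live_md5, cache_md5 == live_md5


def restore_from_cache(system32, name, dry_run=True):
    """Copy the dllcache copy over the live driver when the two differ.

    The suspect file is kept as <name>.bak for later analysis. On a running XP
    system a loaded driver image is locked, which is why the thread's tools
    (ComboFix FCopy, The Avenger) do this copy during a reboot; here the paths
    are plain files so the logic can be exercised offline.
    """
    _, _, same = compare_with_cache(system32, name)
    if same:
        return "unchanged"
    if dry_run:
        return "would restore"
    live = os.path.join(system32, "drivers", name)
    cache = os.path.join(system32, "dllcache", name)
    shutil.copy2(live, live + ".bak")
    shutil.copy2(cache, live)
    return "restored"


def build_demo_tree(root, tamper):
    """Construct a stand-in system32 tree (constructed bytes, not a real usbhub.sys)."""
    os.makedirs(os.path.join(root, "dllcache"))
    os.makedirs(os.path.join(root, "drivers"))
    pristine = b"MZ" + b"constructed usbhub.sys stand-in " * 64
    # A same-size patch: size and timestamps alone would not reveal it, the hash does.
    live = pristine[:-16] + b"\x90" * 16 if tamper else pristine
    with open(os.path.join(root, "dllcache", "usbhub.sys"), "wb") as f:
        f.write(pristine)
    with open(os.path.join(root, "drivers", "usbhub.sys"), "wb") as f:
        f.write(live)


def demo(tamper=True):
    """Run compare -> restore -> compare on a temporary tree; returns (same_before, action, same_after)."""
    root = tempfile.mkdtemp()
    try:
        build_demo_tree(root, tamper)
        _, _, before = compare_with_cache(root, "usbhub.sys")
        action = restore_from_cache(root, "usbhub.sys", dry_run=False)
        _, _, after = compare_with_cache(root, "usbhub.sys")
        return before, action, after
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    print(demo(tamper=True))   # (False, 'restored', True)
    print(demo(tamper=False))  # (True, 'unchanged', True)
```

A matching hash between `dllcache` and `drivers`, as in the SystemLook output above, only proves the two copies agree with each other; it does not prove either is the Microsoft original, so a reference hash for the service-pack build is still worth checking when one is available.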