
3934230198:1231650837.exe Can't Stop!


Hizzle G

Junction v1.06 - Windows junction creator and reparse point viewer

Copyright © 2000-2010 Mark Russinovich

Sysinternals - www.sysinternals.com

Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.
Failed to open \\?\c:\\System Volume Information: Access is denied.
Failed to open \\?\c:\\thecat.com.exe: Access is denied.
Failed to open \\?\c:\\thekitty.com.exe: Access is denied.
...
Failed to open \\?\c:\\Documents and Settings\chuck\Desktop\addie.com: Access is denied.
Failed to open \\?\c:\\Documents and Settings\chuck\Desktop\BURNCDCC.EXE: Access is denied.
Failed to open \\?\c:\\Documents and Settings\chuck\Desktop\gmer.exe: Access is denied.
Failed to open \\?\c:\\Documents and Settings\chuck\Desktop\KillBox.exe: Access is denied.
Failed to open \\?\c:\\Documents and Settings\chuck\Desktop\OTL.exe: Access is denied.
...
Failed to open \\?\c:\\Documents and Settings\chuck\Local Settings\Application Data\Microsoft\CardSpace\CardSpaceSP2.db: Access is denied.
Failed to open \\?\c:\\Documents and Settings\chuck\Local Settings\Application Data\Microsoft\CardSpace\CardSpaceSP2.db.shadow: Access is denied.
...
Failed to open \\?\c:\\Program Files\Spybot - Search & Destroy\TeaTimer.exe: Access is denied.
...
Failed to open \\?\c:\\Program Files\Trend Micro\HiJackThis\HiJackThis.exe: Access is denied.
...
Failed to open \\?\c:\\Qoobox\BackEnv: Access is denied.
...
\\?\c:\\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a: JUNCTION
   Print Name     : C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790
   Substitute Name: C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790

\\?\c:\\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a: JUNCTION
   Print Name     : C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e
   Substitute Name: C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e
...
\\?\c:\\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a: JUNCTION
   Print Name     : C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492
   Substitute Name: C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492
...


Thanks for the report, Hizzle G!!

Please download GrantPerms.zip
Save to the Desktop.
Unzip the file (Right-click > Extract all...)
Follow the prompts
In the new folder that appears, double-click GrantPerms.exe
Copy/paste the following in the blank area:

c:\\thecat.com.exe
c:\\thekitty.com.exe
c:\\Documents and Settings\chuck\Desktop\addie.com
c:\\Documents and Settings\chuck\Desktop\BURNCDCC.EXE
c:\\Documents and Settings\chuck\Desktop\gmer.exe
c:\\Documents and Settings\chuck\Desktop\KillBox.exe
c:\\Documents and Settings\chuck\Desktop\OTL.exe
c:\\Documents and Settings\chuck\Local Settings\Application Data\Microsoft\CardSpace\CardSpaceSP2.db
c:\\Documents and Settings\chuck\Local Settings\Application Data\Microsoft\CardSpace\CardSpaceSP2.db.shadow
c:\\Program Files\Spybot - Search & Destroy\TeaTimer.exe
c:\\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
c:\\Qoobox\BackEnv

Click: Unlock
When done click OK and close the tool.

Now, right-click and select Delete for the following (located on the Desktop, C:\, or C:\Windows, as shown):
-ADSSpy or addie.com
-HijackThis
-KillBox
-AntiZeroAccess, and its report
-TDSSKiller, and its report
-Win32kDiag.exe (located on the C:\ drive)
-Win32kDiag.txt log (located on the Desktop)
-DDS, DDS.txt, and Attach.txt
-ComboFix ( thecat.com, saved to the C:\ drive)
-thekitty.com
-ComboFix.txt (located on the Desktop)
-GMER
-OTL
-Step1.exe, the Result.txt, and the log.txt (on the Desktop)
-The Automated Recovery CD Creator (ARCDC) program
-The ISO (image) titled XPRC (located on your Desktop)
-DummyCreator.zip and its Result.txt
-SecurityCheck, and its Checkup.txt

Please provide feedback on how it goes.

Thanks!

Edited by Aaflac
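The list the helper pasted into GrantPerms above was built by hand from the Junction output: every "Access is denied" entry, minus the ones any healthy XP box produces. As an added example (not the tool's or the forum's own code), here is a parser for the Junction v1.06 output format that does that triage and also flags reparse points whose target leaves the WinSxS store. The sample output is constructed and shortened from the thread's log; the constructed_example junction and the "WinSxS-only" rule are assumptions made for the demo.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample of Sysinternals Junction v1.06 output, modelled on the thread's
# log (shortened; the "..." line mimics the poster's elisions). The second junction,
# constructed_example, is made up for this demo and does not come from the page.
SAMPLE_OUTPUT = r"""
Junction v1.06 - Windows junction creator and reparse point viewer
Copyright (C) 2000-2010 Mark Russinovich
Sysinternals - www.sysinternals.com

Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.
Failed to open \\?\c:\\System Volume Information: Access is denied.
Failed to open \\?\c:\\thecat.com.exe: Access is denied.
Failed to open \\?\c:\\thekitty.com.exe: Access is denied.
...
Failed to open \\?\c:\\Documents and Settings\chuck\Desktop\gmer.exe: Access is denied.
Failed to open \\?\c:\\Qoobox\BackEnv: Access is denied.
\\?\c:\\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a: JUNCTION
   Print Name     : C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790
   Substitute Name: C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790
\\?\c:\\WINDOWS\constructed_example: JUNCTION
   Print Name     : C:\Documents and Settings\chuck\Local Settings\Temp\constructed
   Substitute Name: C:\Documents and Settings\chuck\Local Settings\Temp\constructed
"""

FAILED_RE = re.compile(r"^Failed to open (?P<path>.+?): (?P<reason>.+)$")
JUNCTION_RE = re.compile(r"^(?P<path>.+): JUNCTION$")
TARGET_RE = re.compile(r"^\s*(?P<kind>Print Name|Substitute Name)\s*: (?P<target>.+)$")

# Paths Junction cannot open on any healthy XP box as a normal user; not worth unlocking.
EXPECTED_NOISE = {r"c:\pagefile.sys", r"c:\system volume information"}


@dataclass
class Failure:
    path: str
    reason: str


@dataclass
class Junction:
    path: str
    print_name: str = ""
    substitute_name: str = ""


def normalize_path(raw: str) -> str:
    """Drop the \\?\ prefix and the doubled separator Junction prints after the drive."""
    if raw.startswith("\\\\?\\"):
        raw = raw[4:]
    return raw.replace(":\\\\", ":\\")


def parse_junction_output(text: str) -> Tuple[List[Failure], List[Junction]]:
    """Split Junction output into open failures and reparse points with their targets."""
    failures: List[Failure] = []
    junctions: List[Junction] = []
    current = None  # junction whose Print/Substitute Name lines follow
    for line in text.splitlines():
        m = FAILED_RE.match(line)
        if m:
            failures.append(Failure(normalize_path(m["path"]), m["reason"]))
            current = None
            continue
        m = JUNCTION_RE.match(line)
        if m:
            current = Junction(normalize_path(m["path"]))
            junctions.append(current)
            continue
        m = TARGET_RE.match(line)
        if m and current is not None:
            if m["kind"] == "Print Name":
                current.print_name = m["target"]
            else:
                current.substitute_name = m["target"]
    return failures, junctions


def grantperms_list(failures: List[Failure]) -> List[str]:
    """Access-denied paths worth unlocking, one per line as GrantPerms takes them."""
    return [
        f.path
        for f in failures
        if f.reason.startswith("Access is denied") and f.path.lower() not in EXPECTED_NOISE
    ]


def suspicious_junctions(junctions: List[Junction], allowed_prefix: str = r"c:\windows\winsxs") -> List[Junction]:
    """Junctions whose two names disagree or whose target leaves WinSxS.

    The GAC -> WinSxS junctions in the thread are the normal .NET layout. Assumption:
    anything else is only flagged for a human to look at, not declared malicious.
    """
    return [
        j
        for j in junctions
        if j.print_name != j.substitute_name
        or not j.substitute_name.lower().startswith(allowed_prefix)
    ]


if __name__ == "__main__":
    fails, juncs = parse_junction_output(SAMPLE_OUTPUT)
    print("Paste into GrantPerms:")
    print("\n".join(grantperms_list(fails)))
    for j in suspicious_junctions(juncs):
        print(f"review junction {j.path} -> {j.substitute_name}")
```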

You are getting very good at all this!!

Let's download a fresh copy of DDS to get a picture of where we are at:
http://www.bleepingcomputer.com/download/anti-virus/dds

Click on the ‘Download Now’ button
Save DDS.scr to the Desktop
Windows XP users - Double-click on the DDS icon to start the tool.
When done, DDS opens two logs: DDS.txt and Attach.txt
Save both reports to the Desktop.
Please post them in your reply.

Thanks!

I'm signing out for tonight shortly, so I will look things over tomorrow, and we will go on our final cleanup run.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26

Run by chuck at 20:07:05 on 2011-09-06

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1351 [GMT -5:00]

.

AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe

C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\PCPitstop\Info Center\InfoCenter.exe

C:\Program Files\AVAST Software\Avast\avastUI.exe

C:\Program Files\Pando Networks\Media Booster\PMB.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

svchost.exe

C:\Program Files\Bonjour\mDNSResponder.exe

svchost.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\system32\wuauclt.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local

BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File

uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [RegistryBooster] "c:\program files\uniblue\registrybooster\launcher.exe" delay 20000

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay

mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [intelZeroConfig] "c:\program files\intel\wifi\bin\ZCfgSvc.exe"

mRun: [intelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray

mRun: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [info Center] c:\program files\pcpitstop\info center\InfoCenter.exe

mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\docume~1\chuck\startm~1\programs\startup\mozill~1.lnk - c:\program files\mozilla firefox\firefox.exe

IE: Download with IDM - c:\program files\internet download manager\IEExt.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab

DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB

DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} - hxxp://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_16-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

TCP: DhcpNameServer = 10.0.3.246 10.0.1.9 192.168.1.1

TCP: Interfaces\{56B28EC3-9D10-490A-8F25-3DB258CF95A7} : DhcpNameServer = 10.0.3.246 10.0.1.9 192.168.1.1

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\chuck\application data\mozilla\firefox\profiles\9xgi0p4o.default\

FF - prefs.js: browser.startup.homepage - www.yahoo.com

FF - plugin: c:\documents and settings\chuck\local settings\application data\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll

FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.51204.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\nphssb.dll

FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

.

============= SERVICES / DRIVERS ===============

.

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-8-29 441176]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-8-29 309848]

R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2011-3-3 21464]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-8-29 19544]

R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-8-29 42184]

R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2011-3-3 69976]

R3 NETwLx32; Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [2011-5-24 6609920]

S2 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\anti trojan elite\atepmon.sys --> c:\program files\anti trojan elite\ATEPMon.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 PCPitstop Realtime;PCPitstop Realtime;c:\program files\pcpitstop\pc maticrt\pcpitstoprtservice.exe --> c:\program files\pcpitstop\pc maticrt\PCPitstopRTService.exe [?]

S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]

S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-5-4 13192]

S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-5-4 8456]

S3 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\pcpitstop\PCPitstopScheduleService.exe [2011-8-28 91304]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2011-09-04 21:09:35 -------- d-----w- c:\documents and settings\chuck\application data\Uniblue

2011-09-04 21:09:32 -------- dc-h--w- c:\documents and settings\all users.windows\application data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}

2011-09-04 21:09:32 -------- d-----w- c:\program files\Uniblue

2011-09-04 21:09:23 -------- d-----w- c:\documents and settings\chuck\local settings\application data\PackageAware

2011-09-02 01:32:02 -------- d-sh--w- c:\windows\ftpcache

2011-09-02 01:21:53 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2011-09-02 01:21:37 103736 ----a-w- c:\windows\system32\PnkBstrB.exe

2011-09-02 01:21:32 66872 ----a-w- c:\windows\system32\PnkBstrA.exe

2011-09-02 01:08:02 -------- d-----w- c:\program files\Activision

2011-08-30 03:13:01 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-08-30 03:12:47 40112 ----a-w- c:\windows\avastSS.scr

2011-08-30 03:12:37 -------- d-----w- c:\program files\AVAST Software

2011-08-30 03:12:37 -------- d-----w- c:\documents and settings\all users.windows\application data\AVAST Software

2011-08-29 21:46:17 -------- d-----w- c:\program files\ESET

2011-08-29 01:07:40 -------- d--h--w- c:\windows\PIF

2011-08-29 00:44:15 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys

2011-08-29 00:42:48 -------- d-sha-r- C:\cmdcons

2011-08-29 00:40:34 98816 ----a-w- c:\windows\sed.exe

2011-08-29 00:40:34 518144 ----a-w- c:\windows\SWREG.exe

2011-08-29 00:40:34 256000 ----a-w- c:\windows\PEV.exe

2011-08-29 00:40:34 208896 ----a-w- c:\windows\MBR.exe

2011-08-28 06:51:22 -------- d-----w- c:\program files\Cisco Systems

2011-08-28 06:10:10 -------- d-----w- c:\documents and settings\all users.windows\application data\Cisco Systems

2011-08-17 22:34:36 -------- d-----w- c:\documents and settings\chuck\local settings\application data\SolarWinds

2011-08-17 22:34:24 -------- d-----w- c:\program files\SolarWinds

2011-08-17 02:40:16 -------- d-----w- c:\windows\Internet Logs

2011-08-15 23:32:16 -------- d-----w- c:\program files\Kapha Anti-Malware

2011-08-15 22:32:30 -------- d-----w- c:\documents and settings\chuck\local settings\application data\Ashampoo

2011-08-15 22:31:51 -------- d-----w- c:\program files\hizz

2011-08-14 22:33:39 -------- d-----w- c:\program files\Spybot - Search & Destroy

2011-08-14 22:19:03 -------- d-----w- c:\program files\Trend Micro

2011-08-14 22:08:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-08-14 22:02:04 -------- d-----w- c:\documents and settings\chuck\application data\Malwarebytes

2011-08-14 22:01:57 -------- d-----w- c:\documents and settings\all users.windows\application data\Malwarebytes

2011-08-14 16:00:31 -------- d-----w- c:\program files\Anti Trojan Elite

2011-08-12 11:16:20 -------- d-----w- c:\program files\FYZip

2011-08-11 23:52:14 -------- d-----w- c:\program files\Run-Time

2011-08-11 03:04:00 -------- d-----w- c:\program files\iPod

2011-08-11 02:55:56 -------- d-----w- c:\program files\Bonjour

.

==================== Find3M ====================

.

2011-09-02 01:21:53 22328 ----a-w- c:\documents and settings\chuck\application data\PnkBstrK.sys

2011-08-30 03:06:05 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-12 16:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe

2011-07-12 16:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll

2011-07-12 16:20:54 50536 ----a-w- c:\windows\system32\jdns_sd.dll

2011-07-12 16:20:54 178536 ----a-w- c:\windows\system32\dnssdX.dll

2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

2011-07-05 23:37:00 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2011-07-05 23:37:00 69632 ----a-w- c:\windows\system32\QuickTime.qts

2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\wininet.dll

2011-06-23 18:36:30 43520 ------w- c:\windows\system32\licmgr10.dll

2011-06-23 18:36:30 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-06-23 12:05:13 385024 ------w- c:\windows\system32\html.iec

2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll

.

============= FINISH: 20:08:10.40 ===============


.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 8/11/2010 8:52:22 PM

System Uptime: 9/6/2011 8:02:47 PM (0 hours ago)

.

Motherboard: Dell Inc. | | 0XD720

Processor: Genuine Intel® CPU T2400 @ 1.83GHz | Microprocessor | 1828/166mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 75 GiB total, 38.534 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: 1394 Net Adapter

Device ID: V1394\NIC1394\1EE56521334FC000

Manufacturer: Microsoft

Name: 1394 Net Adapter

PNP Device ID: V1394\NIC1394\1EE56521334FC000

Service: NIC1394

.

==== System Restore Points ===================

.

RP275: 9/1/2011 8:07:15 PM - Installed Call of Duty® 4 - Modern Warfare

RP276: 9/2/2011 8:19:10 PM - System Checkpoint

RP277: 9/5/2011 1:38:28 PM - System Checkpoint

.

==== Installed Programs ======================

.

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 9.4.5

America's Army 3

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ATI - Software Uninstall Utility

ATI Catalyst Control Center

ATI Display Driver

avast! Free Antivirus

BitLord 1.2

Bluetooth HID Switch Service

Bluetooth Stack for Windows by Toshiba

Bonjour

Broadcom 440x 10/100 Integrated Controller

Broadcom Management Programs

Call of Duty® 4 - Modern Warfare

Cisco Connect

Conexant HDA D110 MDC V.92 Modem

Curse Client

Delta Force Black Hawk Down

Delta Force Xtreme 2

Digital Line Detect

DriverUpdate

EASEUS Partition Master 8.0.1 Home Edition

ESET Online Scanner v3

FLV Player 2.0 (build 25)

FYZip 1.00

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB981793)

HP Deskjet 1000 J110 series Basic Device Software

HP Deskjet 1000 J110 series Help

Image to PDF Converter Free 3.0

Info Center 1.0.0.6

InstallVC90Support

Intel PROSet Wireless

Intel® Processor ID Utility

Intel® PROSet/Wireless WiFi Software

iTunes

J2SE Runtime Environment 5.0 Update 16

Java Auto Updater

Java 6 Update 26

League of Legends

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2416447)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Base Smart Card Cryptographic Service Provider Package

Microsoft Silverlight

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

MobileMe Control Panel

Mozilla Firefox 6.0.1 (x86 en-US)

mProSafe

MSXML 6 Service Pack 2 (KB973686)

mWlsSafe

Pando Media Booster

PC Pitstop Exterminate2 2.0

PDF Converter XP 1.03

QuickSet

QuickTime

Safari

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982381)

Security Update for Windows XP (KB982665)

SigmaTel Audio

SolarWinds Real-time NetFlow Analyzer

Spybot - Search & Destroy

Steam

Synaptics Pointing Device Driver

System Requirements Lab for Intel

Uniblue RegistryBooster

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB2447568)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2492386)

Update for Windows XP (KB2541763)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Ventrilo Client

WebFldrs XP

Windows Driver Package - Intel USB (08/05/2009 9.1.1.1016)

Windows Genuine Advantage Notifications (KB905474)

Windows Imaging Component

Windows Internet Explorer 8

Windows Media Format 11 runtime

Windows Media Player 11

Windows XP Service Pack 3

Xfire (remove only)

Yahoo! BrowserPlus 2.9.8

.

==== Event Viewer Messages From Past Week ========

.

9/4/2011 4:05:40 PM, error: Service Control Manager [7034] - The PnkBstrA service terminated unexpectedly. It has done this 1 time(s).

9/1/2011 4:56:58 PM, error: Service Control Manager [7001] - The Intel® PROSet/Wireless SSO Service service depends on the Intel® PROSet/Wireless Event Log service which failed to start because of the following error: The system cannot find the file specified.

9/1/2011 4:56:58 PM, error: Service Control Manager [7000] - The PCPitstop Realtime service failed to start due to the following error: The system cannot find the file specified.

9/1/2011 4:56:58 PM, error: Service Control Manager [7000] - The Java Quick Starter service failed to start due to the following error: The system cannot find the file specified.

9/1/2011 4:56:58 PM, error: Service Control Manager [7000] - The Intel® PROSet/Wireless WiFi Service service failed to start due to the following error: The system cannot find the file specified.

9/1/2011 4:56:58 PM, error: Service Control Manager [7000] - The Intel® PROSet/Wireless Registry Service service failed to start due to the following error: The system cannot find the file specified.

9/1/2011 4:56:58 PM, error: Service Control Manager [7000] - The Intel® PROSet/Wireless Event Log service failed to start due to the following error: The system cannot find the file specified.

9/1/2011 4:56:58 PM, error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The system cannot find the file specified.

.

==== End Of File ===========================


Can't believe I forgot to unlock this one: C:\Windows\3934230198 :pullhair:
Then, we can get rid of it!!

Please download GrantPerms.zip
Save to the Desktop.
Unzip the file (Right-click > Extract all...)
Follow the prompts
In the new folder that appears, double-click GrantPerms.exe
Copy/paste the following in the blank area:

C:\Windows\3934230198

Click: Unlock
When done click OK and close the tool.

~~~~

Let's give ComboFix one more whirl.

Download an updated copy: ComboFix
Save ComboFix.exe to your Desktop!!

Make sure you temporarily disable your AntiVirus, Firewall, and any other AntiSpyware applications, usually by right-clicking the System Tray icon. They may interfere with the running of CF.
Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link.

Double-click on ComboFix.exe to run the program.
Click on Yes, to continue scanning for malware.
When finished, CF produces a report.
Please provide a copy of the C:\ComboFix.txt in your reply.

Notes:
1. Do not mouse-click the ComboFix window while it is running. This action may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser.
3. CF disconnects your machine from the internet. However, the connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Edited by Aaflac

ComboFix 11-09-06.03 - chuck 09/06/2011 22:53:21.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1478 [GMT -5:00]

Running from: c:\documents and settings\chuck\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\chuck\Local Settings\Application Data\ApplicationHistory

c:\documents and settings\chuck\Local Settings\Application Data\ApplicationHistory\CLI.exe.c88dbd71.ini

c:\documents and settings\chuck\Local Settings\Application Data\ApplicationHistory\cli.exe.c88dbd71.ini.inuse

c:\documents and settings\chuck\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini

.

.

((((((((((((((((((((((((( Files Created from 2011-08-07 to 2011-09-07 )))))))))))))))))))))))))))))))

.

.

2011-09-07 04:05 . 2011-09-07 04:05 -------- d-----w- c:\documents and settings\chuck\Local Settings\Application Data\ApplicationHistory

2011-09-07 03:15 . 2011-09-07 03:15 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}

2011-09-04 21:09 . 2011-09-04 21:09 -------- d-----w- c:\documents and settings\chuck\Local Settings\Application Data\PackageAware

2011-09-02 01:32 . 2011-09-02 01:32 -------- d-sh--w- c:\windows\ftpcache

2011-09-02 01:21 . 2011-09-02 01:32 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2011-09-02 01:21 . 2011-09-02 01:32 103736 ----a-w- c:\windows\system32\PnkBstrB.exe

2011-09-02 01:21 . 2011-09-02 01:32 66872 ----a-w- c:\windows\system32\PnkBstrA.exe

2011-09-02 01:08 . 2011-09-02 01:08 -------- d-----w- c:\program files\Activision

2011-08-30 03:13 . 2011-07-04 11:32 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-08-30 03:13 . 2011-07-04 11:36 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-08-30 03:13 . 2011-07-04 11:32 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-08-30 03:13 . 2011-07-04 11:35 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-08-30 03:13 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-08-30 03:13 . 2011-07-04 11:35 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2011-08-30 03:13 . 2011-07-04 11:35 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys

2011-08-30 03:13 . 2011-07-04 11:32 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2011-08-30 03:12 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr

2011-08-30 03:12 . 2011-07-04 11:43 199304 ----a-w- c:\windows\system32\aswBoot.exe

2011-08-30 03:12 . 2011-08-30 03:12 -------- d-----w- c:\program files\AVAST Software

2011-08-30 03:12 . 2011-08-30 03:12 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\AVAST Software

2011-08-29 21:46 . 2011-08-29 21:46 -------- d-----w- c:\program files\ESET

2011-08-29 01:07 . 2011-08-29 01:07 -------- d--h--w- c:\windows\PIF

2011-08-29 00:44 . 2008-04-13 19:18 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys

2011-08-28 06:51 . 2011-08-28 06:51 -------- d-----w- c:\program files\Cisco Systems

2011-08-28 06:10 . 2011-08-28 06:10 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\PCHealth

2011-08-28 06:10 . 2011-08-28 06:10 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Cisco Systems

2011-08-17 22:34 . 2011-08-17 22:34 -------- d-----w- c:\documents and settings\chuck\Local Settings\Application Data\SolarWinds

2011-08-17 22:34 . 2011-08-17 22:34 -------- d-----w- c:\program files\SolarWinds

2011-08-17 02:40 . 2011-08-17 02:40 -------- d-----w- c:\windows\Internet Logs

2011-08-15 23:32 . 2011-08-17 02:30 -------- d-----w- c:\program files\Kapha Anti-Malware

2011-08-15 22:32 . 2011-08-15 22:32 -------- d-----w- c:\documents and settings\chuck\Local Settings\Application Data\Ashampoo

2011-08-15 22:31 . 2011-08-16 00:01 -------- d-----w- c:\program files\hizz

2011-08-14 23:15 . 2011-08-14 23:16 -------- d-----w- c:\documents and settings\Administrator

2011-08-14 22:33 . 2011-09-07 03:15 -------- d-----w- c:\program files\Spybot - Search & Destroy

2011-08-14 22:19 . 2011-08-14 22:19 -------- d-----w- c:\program files\Trend Micro

2011-08-14 22:08 . 2011-09-01 21:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-08-14 22:02 . 2011-08-14 22:02 -------- d-----w- c:\documents and settings\chuck\Application Data\Malwarebytes

2011-08-14 22:01 . 2011-08-14 22:01 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes

2011-08-14 16:00 . 2011-08-14 16:06 -------- d-----w- c:\program files\Anti Trojan Elite

2011-08-12 11:16 . 2011-08-12 11:16 -------- d-----w- c:\program files\FYZip

2011-08-12 01:51 . 2011-08-12 01:51 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Apple

2011-08-11 23:52 . 2011-08-12 00:00 -------- d-----w- c:\program files\Run-Time

2011-08-11 03:04 . 2011-08-11 03:04 -------- d-----w- c:\program files\iPod

2011-08-11 02:55 . 2011-08-11 02:55 -------- d-----w- c:\program files\Bonjour

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-02 01:21 . 2011-05-24 21:53 22328 ----a-w- c:\documents and settings\chuck\Application Data\PnkBstrK.sys

2011-08-30 03:06 . 2011-05-26 17:17 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-07-15 13:29 . 2006-02-28 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-12 16:20 . 2011-07-12 16:20 83816 ----a-w- c:\windows\system32\dns-sd.exe

2011-07-12 16:20 . 2011-07-12 16:20 73064 ----a-w- c:\windows\system32\dnssd.dll

2011-07-12 16:20 . 2011-07-12 16:20 50536 ----a-w- c:\windows\system32\jdns_sd.dll

2011-07-12 16:20 . 2011-07-12 16:20 178536 ----a-w- c:\windows\system32\dnssdX.dll

2011-07-08 14:02 . 2006-02-28 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

2011-07-05 23:37 . 2011-07-05 23:37 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2011-07-05 23:37 . 2011-07-05 23:37 69632 ----a-w- c:\windows\system32\QuickTime.qts

2011-06-24 14:10 . 2010-08-12 01:46 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2011-06-23 18:36 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2011-06-23 18:36 . 2006-02-28 12:00 43520 ------w- c:\windows\system32\licmgr10.dll

2011-06-23 18:36 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-06-23 12:05 . 2006-02-28 12:00 385024 ------w- c:\windows\system32\html.iec

2011-06-20 17:44 . 2006-02-28 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll

2011-09-01 22:58 . 2011-04-02 04:19 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2010-08-10 09:57 . 2010-08-11 22:24 135680 -c--a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]

@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"

[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]

2011-03-02 15:23 68216 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-06-27 3077528]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-08-10 761947]

"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2010-08-10 45056]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 172032]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]

"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2011-01-12 1400832]

"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-01-12 1210640]

"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2000-01-01 405504]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888]

"Info Center"="c:\program files\PCPitstop\Info Center\InfoCenter.exe" [2011-08-03 24216]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

.

c:\documents and settings\Hizzle\Start Menu\Programs\Startup\

.Memeo AutoBackup Launcher.lnk.dcm [2010-8-9 689]

.Memeo AutoSync Launcher.lnk.dcm [2010-8-9 685]

Memeo AutoBackup Launcher.lnk - c:\documents and settings\Hizzle\Application Data\Microsoft\Installer\{39A908FD-7322-41AE-B374-C7A076B2FC97}\NewShortcut4_51A847D327C24F7797772AF2A4E486ED.exe [N/A]

Memeo AutoSync Launcher.lnk - c:\program files\Memeo\AutoSync\MemeoLauncher.exe [N/A]

.

c:\documents and settings\chuck\Start Menu\Programs\Startup\

Mozilla Firefox.lnk - c:\program files\Mozilla Firefox\firefox.exe [2010-8-11 924632]

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"6881:TCP"= 6881:TCP:Blizzard Downloader: 6881

"58815:TCP"= 58815:TCP:Pando Media Booster

"58815:UDP"= 58815:UDP:Pando Media Booster

.

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [8/29/2011 10:13 PM 441176]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [8/29/2011 10:13 PM 309848]

R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [3/3/2011 10:31 PM 21464]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/29/2011 10:13 PM 19544]

R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [3/3/2011 10:31 PM 69976]

R3 NETwLx32; Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [5/24/2011 5:51 PM 6609920]

S2 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\Anti Trojan Elite\ATEPMon.sys --> c:\program files\Anti Trojan Elite\ATEPMon.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]

S2 PCPitstop Realtime;PCPitstop Realtime;c:\program files\PCPitstop\PC MaticRT\PCPitstopRTService.exe --> c:\program files\PCPitstop\PC MaticRT\PCPitstopRTService.exe [?]

S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 11:58 AM 11336]

S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [5/4/2011 8:18 PM 13192]

S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [5/4/2011 8:18 PM 8456]

S3 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [8/28/2011 11:02 PM 91304]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]

.

Contents of the 'Scheduled Tasks' folder

.

2011-09-02 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 22:57]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = *.local

IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm

TCP: DhcpNameServer = 10.0.3.246 10.0.1.9 192.168.1.1

FF - ProfilePath - c:\documents and settings\chuck\Application Data\Mozilla\Firefox\Profiles\9xgi0p4o.default\

FF - prefs.js: browser.startup.homepage - www.yahoo.com

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\documents and settings\All Users.WINDOWS\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}\bm_installer.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-09-06 23:05

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]

@Denied: (Full) (Everyone)

"scansk"=hex(0):8e,ab,f7,76,9a,93,24,80,c3,2d,c0,40,55,7a,7f,77,c9,12,45,18,9d,

6b,85,a3,ac,f8,25,c6,24,06,a9,46,1b,e5,4b,8c,9d,36,a3,ab,00,00,00,00,00,00,\

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{eb9b92c9-32cf-456a-8589-cfc5b5ba0384}]

@Denied: (Full) (Everyone)

"Model"=dword:000000a9

"Therad"=dword:0000001f

"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,

38,95,44,7c,a3,58,23,ec,af,2d,15,15,ef,a1,46,54,19,6c,0d,35,95,e0,f3,7c,6d,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1188)

c:\windows\system32\Ati2evxx.dll

c:\windows\system32\netprovcredman.dll

.

- - - - - - - > 'explorer.exe'(3916)

c:\windows\system32\WININET.dll

c:\program files\Internet Download Manager\IDMShellExt.dll

c:\windows\system32\netprovcredman.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\program files\AVAST Software\Avast\AvastSvc.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\system32\PnkBstrA.exe

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\wbem\unsecapp.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2011-09-06 23:19:43 - machine was rebooted

ComboFix-quarantined-files.txt 2011-09-07 04:19

.

Pre-Run: 41,444,057,088 bytes free

Post-Run: 41,486,114,816 bytes free

.

- - End Of File - - 60789F16693670D278776081BDBACEC4


Thank you for posting the report, Hizzle G.

Please do the following:

Open Notepad and copy/paste the text in the codebox below into it:

KillAll::
File::
C:\thekitty.com.exe
C:\thecat.com.exe
C:\RECYCLER\S-1-5-21-1454471165-73586283-682003330-1003\Dc20.exe

Folder::
c:\program files\Ashampoo
C:\Windows\3934230198

Driver::
AAMW_WSC_Service_XP
AAMWService

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"=dword:1

RegLockDel::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]

Save as CFScript.txt

Posted Image

Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it produces a log.

Please post the log in your reply.

Edited by Aaflac
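As an added example (not code from the thread, the helper, or ComboFix), here is a small Python triage script that parses the three ComboFix log sections the helper worked from above (Files Created, Reg Loading Points, LOCKED REGISTRY KEYS) and flags hidden+system directories, Run-key targets outside the usual install locations, and keys with an @Denied ACL. The sample log is constructed in the page's layout; the "thekitty" Run value is made up to show what a root-of-C: autostart looks like, and the trusted path prefixes are an assumption to tune per environment.

```python
"""Added triage helper for ComboFix-style logs (not ComboFix's or the thread's own code)."""
import re

# Section banners: "((((( Files Created from ... )))))" or "----- LOCKED REGISTRY KEYS -----"
BANNER_RE = re.compile(r"^[(\-]{3,}\s*(.+?)\s*[)\-]{3,}$")
# "2011-09-02 01:32 . 2011-09-02 01:32 -------- d-sh--w- c:\windows\ftpcache"
FILE_RE = re.compile(r"^(\S+ \S+) \. (\S+ \S+) (\S+) (\S+) (.+)$")
# "[HKEY_LOCAL_MACHINE\...\Run]"
KEY_RE = re.compile(r"^\[(.+)\]$")
# '"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]'
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]+)"\s*\[([^\]]*)\]$')
# Assumption: where autostart targets are normally installed (tune per environment).
TRUSTED_PREFIXES = ("c:\\program files\\", "c:\\windows\\")


def split_sections(text):
    """Group non-empty log lines under the banner that precedes them."""
    sections, current = {}, "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":  # ComboFix pads sections with lone dots
            continue
        banner = BANNER_RE.match(line)
        if banner:
            current = banner.group(1)
            sections.setdefault(current, [])
        else:
            sections.setdefault(current, []).append(line)
    return sections


def find_hidden_system(lines):
    """New files/dirs carrying both the hidden and system attributes, as (kind, path)."""
    out = []
    for line in lines:
        m = FILE_RE.match(line)
        if m and "h" in m.group(4) and "s" in m.group(4):
            out.append(("hidden+system", m.group(5)))
    return out


def find_untrusted_autostarts(lines):
    """Run-key values whose target lives outside the trusted install prefixes."""
    out, key = [], None
    for line in lines:
        k = KEY_RE.match(line)
        if k:
            key = k.group(1)
            continue
        v = VALUE_RE.match(line)
        if not v or key is None or not key.lower().endswith("\\run"):
            continue
        # 8.3 short names (c:\progra~1\...) would otherwise slip past the prefix check.
        target = v.group(2).lower().replace("c:\\progra~1\\", "c:\\program files\\")
        if not target.startswith(TRUSTED_PREFIXES):
            out.append(("autostart", f"{v.group(1)} -> {v.group(2)} [{v.group(3)}]"))
    return out


def find_locked_keys(lines):
    """Keys ComboFix could not read because Everyone is denied access."""
    out, key = [], None
    for line in lines:
        k = KEY_RE.match(line)
        if k:
            key = k.group(1)
        elif key and line.startswith("@Denied"):
            out.append(("locked-key", f"{key} ({line})"))
    return out


def triage(text):
    """Run each check against the section it applies to, in log order."""
    findings = []
    for name, lines in split_sections(text).items():
        if name.startswith("Files Created"):
            findings += find_hidden_system(lines)
        elif name == "Reg Loading Points":
            findings += find_untrusted_autostarts(lines)
        elif name == "LOCKED REGISTRY KEYS":
            findings += find_locked_keys(lines)
    return findings


# Constructed sample in ComboFix's layout; the "thekitty" Run value is made up to
# show a root-of-C: autostart, the other lines mirror entries seen in such logs.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2011-08-07 to 2011-09-07 )))))))))))))))))))))))))))))))
.
2011-09-02 01:32 . 2011-09-02 01:32 -------- d-sh--w- c:\windows\ftpcache
2011-08-29 01:07 . 2011-08-29 01:07 -------- d--h--w- c:\windows\PIF
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
"thekitty"="C:\thekitty.com.exe" [2011-08-14 45056]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):8e,ab,f7,76
"""
```

Running `triage(SAMPLE_LOG)` returns three findings: the hidden+system ftpcache directory, the root-of-C: autostart, and the locked CLSID key; the hidden-only PIF directory and the 8.3-path DWQueuedReporting entry are correctly left alone.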

ComboFix 11-09-08.03 - chuck 09/08/2011 21:31:11.3.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1501 [GMT -5:00]

Running from: c:\documents and settings\chuck\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\chuck\Desktop\CFScript.txt

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

FILE ::

"c:\recycler\S-1-5-21-1454471165-73586283-682003330-1003\Dc20.exe"

"C:\thecat.com.exe"

"C:\thekitty.com.exe"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\chuck\Local Settings\Application Data\ApplicationHistory

c:\documents and settings\chuck\Local Settings\Application Data\ApplicationHistory\cli.exe.c88dbd71.ini.inuse

.

.

((((((((((((((((((((((((( Files Created from 2011-08-09 to 2011-09-09 )))))))))))))))))))))))))))))))

.

.

2011-09-09 02:57 . 2011-09-09 02:57 -------- d-----w- c:\documents and settings\chuck\Local Settings\Application Data\ApplicationHistory

2011-09-07 03:15 . 2011-09-07 03:15 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}

2011-09-04 21:09 . 2011-09-04 21:09 -------- d-----w- c:\documents and settings\chuck\Local Settings\Application Data\PackageAware

2011-09-03 10:17 . 2011-09-03 10:17 599040 -c----w- c:\windows\system32\dllcache\crypt32.dll

2011-09-02 01:32 . 2011-09-02 01:32 -------- d-sh--w- c:\windows\ftpcache

2011-09-02 01:21 . 2011-09-02 01:32 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2011-09-02 01:21 . 2011-09-02 01:32 103736 ----a-w- c:\windows\system32\PnkBstrB.exe

2011-09-02 01:21 . 2011-09-02 01:32 66872 ----a-w- c:\windows\system32\PnkBstrA.exe

2011-09-02 01:08 . 2011-09-02 01:08 -------- d-----w- c:\program files\Activision

2011-08-30 03:13 . 2011-09-06 20:36 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-08-30 03:13 . 2011-09-06 20:37 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-08-30 03:13 . 2011-09-06 20:36 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-08-30 03:13 . 2011-09-06 20:36 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-08-30 03:13 . 2011-09-06 20:38 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-08-30 03:13 . 2011-09-06 20:36 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2011-08-30 03:13 . 2011-09-06 20:36 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys

2011-08-30 03:13 . 2011-09-06 20:33 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2011-08-30 03:12 . 2011-09-06 20:45 41184 ----a-w- c:\windows\avastSS.scr

2011-08-30 03:12 . 2011-09-06 20:45 199304 ----a-w- c:\windows\system32\aswBoot.exe

2011-08-30 03:12 . 2011-08-30 03:12 -------- d-----w- c:\program files\AVAST Software

2011-08-30 03:12 . 2011-08-30 03:12 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\AVAST Software

2011-08-29 21:46 . 2011-08-29 21:46 -------- d-----w- c:\program files\ESET

2011-08-29 01:07 . 2011-08-29 01:07 -------- d--h--w- c:\windows\PIF

2011-08-29 00:44 . 2008-04-13 19:18 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys

2011-08-28 06:51 . 2011-08-28 06:51 -------- d-----w- c:\program files\Cisco Systems

2011-08-28 06:10 . 2011-08-28 06:10 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\PCHealth

2011-08-28 06:10 . 2011-08-28 06:10 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Cisco Systems

2011-08-17 22:34 . 2011-08-17 22:34 -------- d-----w- c:\documents and settings\chuck\Local Settings\Application Data\SolarWinds

2011-08-17 22:34 . 2011-08-17 22:34 -------- d-----w- c:\program files\SolarWinds

2011-08-17 02:40 . 2011-08-17 02:40 -------- d-----w- c:\windows\Internet Logs

2011-08-15 23:32 . 2011-08-17 02:30 -------- d-----w- c:\program files\Kapha Anti-Malware

2011-08-15 22:32 . 2011-08-15 22:32 -------- d-----w- c:\documents and settings\chuck\Local Settings\Application Data\Ashampoo

2011-08-15 22:31 . 2011-08-16 00:01 -------- d-----w- c:\program files\hizz

2011-08-14 23:15 . 2011-08-14 23:16 -------- d-----w- c:\documents and settings\Administrator

2011-08-14 22:33 . 2011-09-07 03:15 -------- d-----w- c:\program files\Spybot - Search & Destroy

2011-08-14 22:19 . 2011-08-14 22:19 -------- d-----w- c:\program files\Trend Micro

2011-08-14 22:08 . 2011-09-01 21:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-08-14 22:02 . 2011-08-14 22:02 -------- d-----w- c:\documents and settings\chuck\Application Data\Malwarebytes

2011-08-14 22:01 . 2011-08-14 22:01 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes

2011-08-14 16:00 . 2011-08-14 16:06 -------- d-----w- c:\program files\Anti Trojan Elite

2011-08-12 11:16 . 2011-08-12 11:16 -------- d-----w- c:\program files\FYZip

2011-08-12 01:51 . 2011-08-12 01:51 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Apple

2011-08-11 23:52 . 2011-08-12 00:00 -------- d-----w- c:\program files\Run-Time

2011-08-11 03:04 . 2011-08-11 03:04 -------- d-----w- c:\program files\iPod

2011-08-11 02:55 . 2011-08-11 02:55 -------- d-----w- c:\program files\Bonjour

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-03 10:17 . 2006-02-28 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-02 01:21 . 2011-05-24 21:53 22328 ----a-w- c:\documents and settings\chuck\Application Data\PnkBstrK.sys

2011-08-30 03:06 . 2011-05-26 17:17 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-07-15 13:29 . 2006-02-28 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-12 16:20 . 2011-07-12 16:20 83816 ----a-w- c:\windows\system32\dns-sd.exe

2011-07-12 16:20 . 2011-07-12 16:20 73064 ----a-w- c:\windows\system32\dnssd.dll

2011-07-12 16:20 . 2011-07-12 16:20 50536 ----a-w- c:\windows\system32\jdns_sd.dll

2011-07-12 16:20 . 2011-07-12 16:20 178536 ----a-w- c:\windows\system32\dnssdX.dll

2011-07-08 14:02 . 2006-02-28 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

2011-07-05 23:37 . 2011-07-05 23:37 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2011-07-05 23:37 . 2011-07-05 23:37 69632 ----a-w- c:\windows\system32\QuickTime.qts

2011-06-24 14:10 . 2010-08-12 01:46 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2011-06-23 18:36 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2011-06-23 18:36 . 2006-02-28 12:00 43520 ------w- c:\windows\system32\licmgr10.dll

2011-06-23 18:36 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-06-23 12:05 . 2006-02-28 12:00 385024 ------w- c:\windows\system32\html.iec

2011-06-20 17:44 . 2006-02-28 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll

2011-09-07 04:28 . 2011-04-02 04:19 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2010-08-10 09:57 . 2010-08-11 22:24 135680 -c--a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2011-09-07_04.16.54 )))))))))))))))))))))))))))))))))))))))))

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-09-06 20:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]

@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"

[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]

2011-03-02 15:23 68216 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-06-27 3077528]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-08-10 761947]

"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2010-08-10 45056]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 172032]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]

"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2011-01-12 1400832]

"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-01-12 1210640]

"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2000-01-01 405504]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888]

"Info Center"="c:\program files\PCPitstop\Info Center\InfoCenter.exe" [2011-08-03 24216]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

.

c:\documents and settings\Hizzle\Start Menu\Programs\Startup\

.Memeo AutoBackup Launcher.lnk.dcm [2010-8-9 689]

.Memeo AutoSync Launcher.lnk.dcm [2010-8-9 685]

Memeo AutoBackup Launcher.lnk - c:\documents and settings\Hizzle\Application Data\Microsoft\Installer\{39A908FD-7322-41AE-B374-C7A076B2FC97}\NewShortcut4_51A847D327C24F7797772AF2A4E486ED.exe [N/A]

Memeo AutoSync Launcher.lnk - c:\program files\Memeo\AutoSync\MemeoLauncher.exe [N/A]

.

c:\documents and settings\chuck\Start Menu\Programs\Startup\

Mozilla Firefox.lnk - c:\program files\Mozilla Firefox\firefox.exe [2010-8-11 924632]

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"6881:TCP"= 6881:TCP:Blizzard Downloader: 6881

"58815:TCP"= 58815:TCP:Pando Media Booster

"58815:UDP"= 58815:UDP:Pando Media Booster

.

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [8/29/2011 10:13 PM 442200]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [8/29/2011 10:13 PM 320856]

R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [3/3/2011 10:31 PM 21464]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/29/2011 10:13 PM 20568]

R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [3/3/2011 10:31 PM 69976]

S2 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\Anti Trojan Elite\ATEPMon.sys --> c:\program files\Anti Trojan Elite\ATEPMon.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]

S2 PCPitstop Realtime;PCPitstop Realtime;c:\program files\PCPitstop\PC MaticRT\PCPitstopRTService.exe --> c:\program files\PCPitstop\PC MaticRT\PCPitstopRTService.exe [?]

S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 11:58 AM 11336]

S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [5/4/2011 8:18 PM 13192]

S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [5/4/2011 8:18 PM 8456]

S3 NETwLx32; Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [5/24/2011 5:51 PM 6609920]

S3 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [8/28/2011 11:02 PM 91304]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]

.

Contents of the 'Scheduled Tasks' folder

.

2011-09-09 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 22:57]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = *.local

IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm

TCP: DhcpNameServer = 10.0.3.246 10.0.1.9 192.168.1.1

FF - ProfilePath - c:\documents and settings\chuck\Application Data\Mozilla\Firefox\Profiles\9xgi0p4o.default\

FF - prefs.js: browser.startup.homepage - www.yahoo.com

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-09-08 21:57

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{eb9b92c9-32cf-456a-8589-cfc5b5ba0384}]

@Denied: (Full) (Everyone)

"Model"=dword:000000a9

"Therad"=dword:0000001f

"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,

38,95,44,7c,a3,58,23,ec,af,2d,15,15,ef,a1,46,54,19,6c,0d,35,95,e0,f3,7c,6d,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1016)

c:\windows\system32\Ati2evxx.dll

c:\windows\system32\netprovcredman.dll

.

- - - - - - - > 'explorer.exe'(3444)

c:\windows\system32\WININET.dll

c:\program files\Internet Download Manager\IDMShellExt.dll

c:\windows\system32\netprovcredman.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\program files\AVAST Software\Avast\AvastSvc.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\system32\PnkBstrA.exe

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\wbem\unsecapp.exe

.

**************************************************************************

.

Completion time: 2011-09-08 22:00:49 - machine was rebooted

ComboFix-quarantined-files.txt 2011-09-09 03:00

ComboFix2.txt 2011-09-07 04:19

.

Pre-Run: 41,234,898,944 bytes free

Post-Run: 41,242,300,416 bytes free

.

- - End Of File - - 6D76E2B342BF33F79C0D38EC88CB4A0E


Good show, Hizzle G!!

If the computer is running well, you are good to go!!

This next step is important, as it will implement important cleanup procedures, reset your System Restore by flushing out previous restore points (which contain the infections), and create a new restore point.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

ComboFix will uninstall itself from your computer and remove its backups and quarantined files.
When it has finished you will see a dialog box stating that ComboFix has been uninstalled.

You can now delete the ComboFix program icon from your Desktop, if still there.

~~~~

These are tasks you can do as your time permits, but please do not wait more than a couple of days.

Please verify the version of Java you have installed:
http://www.java.com/en/download/installed.jsp

If your version of Java is outdated, it needs to be updated to eliminate security vulnerabilities.
When done, uninstall older versions:
http://www.java.com/en/download/uninstall.jsp

Also update the following:
Out of date Adobe Reader installed!

Mozilla Firefox (x86 en-US..) Firefox Out of Date!

~~~~

Please consider doing the following to prevent future infections...

Malware is normally installed through vulnerabilities found in out-dated and insecure programs on a computer. You can use the Secunia Personal Software Inspector to scan for vulnerable programs on your computer:
http://secunia.com/vulnerability_scanning/personal/

A tutorial on how to use the Secunia Personal Software Inspector to scan for vulnerable programs is found here:
http://www.bleepingcomputer.com/tutorials/tutorial174.html

Surf safely, Hizzle G!!

Edited by Aaflac

Go to Start > Run, and in the Open area, type in: services.msc

In the Services window, under Name, go down to: PCPitstop Realtime

Double-click on 'PCPitstop Realtime'

In the window that appears, what does it say to the right of: Startup Type, and to the right of: Service Status?

Edited by Aaflac

It appears that the malware issue presented is resolved, therefore the topic is closed.

Please send me or any Moderator a Personal Message (PM) with this topic's link if there is a reason to re-open it.

Thanks.
