Geeks to Go

Disabled.SecurityCenter



#1
wclem
New Member, 1 posts
Please help.

I ran Malwarebytes and have 5 infections that won't go away. Every time my computer reboots I get all five items back. I have copies of a HijackThis logfile, combo logfile, and the mbam file.

Thank you

mbam logfile:

Malwarebytes' Anti-Malware 1.36
Database version: 2108
Windows 5.1.2600 Service Pack 3

5/11/2009 8:26:47 AM
mbam-log-2009-05-11 (08-26-47).txt

Scan type: Quick Scan
Objects scanned: 101760
Time elapsed: 14 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 5
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

HijackThis logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:18:17 PM, on 5/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTBoardService.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\VEXIRA~1\Bin\vbcmserv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\VEXIRA~1\Bin\vbsystry.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Vest\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTBoardTools.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\SMART Technologies\SMART Board Drivers\Marker.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 212.93.193.82:443
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SMART Notebook Download Plugin - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Technologies\Notebook Software\NotebookPlugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [VBSysTray] "C:\PROGRA~1\VEXIRA~1\Bin\vbsystry.exe"
O4 - HKLM\..\Run: [AVLoginToDo] "C:\PROGRA~1\VEXIRA~1\Bin\avltd.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Vest\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: SMART Board Tools.lnk = C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTBoardTools.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Search - ?p=ZKxdm021YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1173961348546
O16 - DPF: {CAFECAFE-0013-0001-0028-ABCDEFABCDEF} (JInitiator 1.3.1.28) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{96FC63B8-1F1B-47EA-B449-080324A5CC6D}: NameServer = 208.182.122.2,208.182.122.130
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate1c9b3f84ffd54a) (gupdate1c9b3f84ffd54a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SMART Board Service - SMART Technologies - C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTBoardService.exe
O23 - Service: SMART SNMP Agent Service - SMART Technologies ULC - C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTSNMPAgent.exe
O23 - Service: SMART Web Server - Unknown owner - C:\Program Files\SMART Technologies\SMART Board Drivers\WebServer.exe
O23 - Service: Vexira Antivirus Component Manager Service (VACompManService) - Central Command, Inc. - C:\PROGRA~1\VEXIRA~1\Bin\vbcmserv.exe

--
End of file - 10742 bytes


Combo file:

ComboFix 09-05-12.06 - Vest 05/13/2009 11:15.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.577 [GMT -4:00]
Running from: c:\documents and settings\Vest\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\IE4 Error Log.txt
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-04-13 to 2009-05-13 )))))))))))))))))))))))))))))))
.

2009-05-11 13:18 . 2009-05-11 13:18 -------- d-----w c:\program files\Trend Micro
2009-05-11 13:11 . 2009-05-11 13:11 -------- d-----w c:\program files\CCleaner
2009-05-11 11:48 . 2009-05-11 11:48 -------- d-----w c:\documents and settings\Vest\Application Data\Malwarebytes
2009-05-11 11:48 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-11 11:48 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-11 11:48 . 2009-05-11 11:48 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-11 11:48 . 2009-05-11 11:48 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-08 13:12 . 2009-05-08 13:12 -------- d-sh--w c:\documents and settings\LocalService\IETldCache
2009-05-07 20:14 . 2009-05-07 20:14 -------- d-----w c:\program files\Microsoft
2009-05-07 12:35 . 2009-05-07 12:35 -------- d-sh--w c:\documents and settings\Vest\IECompatCache
2009-05-07 12:32 . 2009-05-07 12:32 -------- d-sh--w c:\documents and settings\Vest\PrivacIE
2009-05-07 12:27 . 2009-05-07 12:26 410984 ----a-w c:\windows\system32\deploytk.dll
2009-05-07 01:53 . 2009-05-07 01:53 -------- d-sh--w c:\documents and settings\Vest\IETldCache
2009-05-07 01:51 . 2009-05-07 01:51 -------- d-----w c:\windows\ie8updates
2009-05-07 01:50 . 2009-02-28 04:55 105984 -c----w c:\windows\system32\dllcache\iecompat.dll
2009-05-07 01:48 . 2009-05-07 01:49 -------- dc-h--w c:\windows\ie8
2009-04-25 12:19 . 2009-04-25 12:20 -------- d-----w c:\documents and settings\Vest\Local Settings\Application Data\Deployment
2009-04-20 20:40 . 2006-09-28 08:45 36962 ------w c:\windows\system32\ActPanel.dll
2009-04-20 20:40 . 2009-04-20 20:40 -------- d-----w c:\program files\Oracle
2009-04-16 09:54 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-16 09:54 . 2009-02-06 10:39 35328 -c----w c:\windows\system32\dllcache\sc.exe
2009-04-16 09:54 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-16 09:54 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-04-16 09:54 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-16 09:54 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-16 09:53 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-16 09:53 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-16 09:53 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-16 09:53 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-16 09:51 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-16 09:51 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-13 15:10 . 2007-03-09 16:54 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-13 15:10 . 2008-08-04 18:40 -------- d-----w c:\program files\Vexira Antivirus
2009-05-11 15:35 . 2008-07-17 15:48 -------- d-----w c:\program files\HTS_iNet
2009-05-11 12:58 . 2007-03-13 19:09 68544 ----a-w c:\documents and settings\Vest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-08 16:36 . 2007-03-09 16:53 -------- d-----w c:\program files\Microsoft Works
2009-05-08 16:18 . 2009-05-08 16:18 0 ----a-w C:\LOG2B2.tmp
2009-05-07 12:26 . 2007-03-09 16:48 -------- d-----w c:\program files\Java
2009-04-27 19:30 . 2008-03-04 13:28 664 ----a-w c:\windows\system32\d3d9caps.dat
2009-04-13 02:07 . 2009-04-13 02:07 -------- d-----w c:\program files\Windows Media Connect 2
2009-04-03 01:06 . 2007-03-09 16:48 -------- d-----w c:\program files\Google
2009-03-30 20:20 . 2009-03-30 20:20 -------- d-----w c:\program files\MSBuild
2009-03-30 20:20 . 2009-03-30 20:20 -------- d-----w c:\program files\Reference Assemblies
2009-03-30 15:20 . 2009-03-30 15:20 -------- d-----w c:\program files\Windows Defender
2009-03-16 18:18 . 2009-04-03 01:11 69448 ----a-w c:\windows\system32\XAPOFX1_3.dll
2009-03-16 18:18 . 2009-04-03 01:11 517448 ----a-w c:\windows\system32\XAudio2_4.dll
2009-03-16 18:18 . 2009-04-03 01:11 235352 ----a-w c:\windows\system32\xactengine3_4.dll
2009-03-16 18:18 . 2009-04-03 01:11 22360 ----a-w c:\windows\system32\X3DAudio1_6.dll
2009-03-09 19:27 . 2009-04-03 01:11 453456 ----a-w c:\windows\system32\d3dx10_41.dll
2009-03-09 19:27 . 2009-04-03 01:11 1846632 ----a-w c:\windows\system32\D3DCompiler_41.dll
2009-03-09 19:27 . 2009-04-03 01:11 4178264 ----a-w c:\windows\system32\D3DX9_41.dll
2009-03-08 08:34 . 2006-06-01 04:17 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 08:34 . 2006-06-01 04:16 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 08:33 . 2006-06-01 04:16 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 08:33 . 2006-06-01 04:17 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 08:32 . 2006-06-01 04:16 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 08:32 . 2006-06-01 04:16 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 08:31 . 2006-06-01 04:16 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 08:31 . 2006-06-01 04:16 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 08:31 . 2006-06-01 04:16 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 08:22 . 2006-06-01 04:16 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:22 . 2006-06-01 04:16 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-04 14:52 . 2007-04-24 22:35 68544 ------w c:\documents and settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-02-15 03:33 . 2007-03-13 19:12 198 ------w c:\documents and settings\Vest\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-01 68856]
"Google Update"="c:\documents and settings\Vest\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-04-25 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-05 168026]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-05 770138]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 290816]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-09-14 655360]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 167936]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 147456]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 196608]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 880640]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 765952]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 131072]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-07 148888]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 133344]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 117616]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 487424]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 311128]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 370392]
SMART Board Tools.lnk - c:\program files\SMART Technologies\SMART Board Drivers\SMARTBoardTools.exe [2008-8-12 9618728]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqSTE08.exe
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\SMART Technologies\\SMART Board Drivers\\SMARTSNMPAgent.exe"=
"c:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe"=
"c:\\Program Files\\Motorola\\SMSERIAL\\sm56hlpr.exe"=
"c:\\Program Files\\SMART Technologies\\SMART Board Drivers\\Marker.exe"=
"c:\\WINDOWS\\system32\\igfxpers.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe"=
"c:\\Program Files\\Intel\\Wireless\\bin\\ZCfgSvc.exe"=
"c:\\Program Files\\Windows Defender\\MpCmdRun.exe"=
"c:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"=
"c:\\Program Files\\Intel\\Wireless\\Bin\\Dot1XCfg.exe"=
"c:\\Program Files\\Common Files\\Microsoft Shared\\Source Engine\\OSE.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12001:UDP"= 12001:UDP:SMART WebServer Handshake Multicast Port

R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [1/14/2009 5:53 PM 226656]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\pemnpn.sys --> c:\windows\system32\drivers\pemnpn.sys [?]
R4 VBEngNT;VBEngNT;c:\windows\system32\Drivers\VBEngNT.Sys --> c:\windows\system32\Drivers\VBEngNT.Sys [?]
R4 VBFilter;VBFilter;c:\windows\system32\Drivers\VBFilter.Sys --> c:\windows\system32\Drivers\VBFilter.Sys [?]
R4 VBRec;VBRec;c:\windows\system32\Drivers\VBRec.Sys --> c:\windows\system32\Drivers\VBRec.Sys [?]
R4 VBShld;VBShld;c:\windows\system32\Drivers\VBShld.Sys --> c:\windows\system32\Drivers\VBShld.Sys [?]
S2 gupdate1c9b3f84ffd54a;Google Update Service (gupdate1c9b3f84ffd54a);c:\program files\Google\Update\GoogleUpdate.exe [4/2/2009 9:03 PM 133104]
S3 SMART SNMP Agent Service;SMART SNMP Agent Service;c:\program files\SMART Technologies\SMART Board Drivers\SMARTSNMPAgent.exe [7/31/2008 3:51 AM 1115432]
S3 SMART Web Server;SMART Web Server;c:\program files\SMART Technologies\SMART Board Drivers\WebServer.exe [7/31/2008 3:50 AM 1283368]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{25e63d00-f277-11db-8c34-0019d267ea16}]
\Shell\AutoRun\command - F:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{28f3c332-3e3b-11de-9061-0019d267ea16}]
\Shell\AutoPLay\coMmanD - F:\yreu.pif
\Shell\AutoRun\command - F:\yreu.pif
\Shell\EXplOre\Command - F:\yreu.pif
\Shell\OPEN\cOMmaNd - F:\yreu.pif

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{40efa48d-3a39-11de-9052-0019d267ea16}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7395ca76-3bd1-11de-9059-0019d267ea16}]
\Shell\AutOplAy\cOMMaNd - F:\yvqf.cmd
\Shell\AutoRun\command - F:\yvqf.cmd
\Shell\exPLore\ComMand - F:\yvqf.cmd
\Shell\opEn\ComMANd - F:\yvqf.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7395ca7b-3bd1-11de-9059-0019d267ea16}]
\ShELl\AUToplay\COmMand - G:\ceesm.pif
\ShELl\AutoRun\command - G:\ceesm.pif
\ShELl\ExPlore\ComMaNd - G:\ceesm.pif
\ShELl\OpEN\cOMmaNd - G:\ceesm.pif

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7395ca7c-3bd1-11de-9059-0019d267ea16}]
\Shell\AutoRun\command - F:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7395ca7d-3bd1-11de-9059-0019d267ea16}]
\shell\AuToPlAy\commaNd - G:\lghybg.exe
\shell\AutoRun\command - G:\lghybg.exe
\shell\ExPlore\Command - G:\lghybg.exe
\shell\Open\comMaND - G:\lghybg.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7395ca83-3bd1-11de-9059-0019d267ea16}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a8d01203-007e-11de-8f6b-0019d267ea16}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ebb98f59-1d22-11de-8fed-0019d267ea16}]
\ShElL\AutoplAy\COMMand - F:\bedtq.exe
\ShElL\AutoRun\command - F:\bedtq.exe
\ShElL\expLorE\COmManD - F:\bedtq.exe
\ShElL\oPEn\cOmmand - F:\bedtq.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-05-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-05-13 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-03 01:03]

2009-05-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3285040913-3577875319-2951002739-1006.job
- c:\documents and settings\Vest\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-25 12:20]

2007-03-12 c:\windows\Tasks\ISP signup reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2006-06-01 00:12]

2009-05-13 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
Notify-NavLogon - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = 212.93.193.82:443
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search - ?p=ZKxdm021YYUS
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {96FC63B8-1F1B-47EA-B449-080324A5CC6D} = 208.182.122.2,208.182.122.130
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
DPF: {CAFECAFE-0013-0001-0028-ABCDEFABCDEF}
FF - ProfilePath - c:\documents and settings\Vest\Application Data\Mozilla\Firefox\Profiles\mmj8ye58.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\documents and settings\Vest\Local Settings\Application Data\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-13 11:17
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\TEMP\TMP00000195B38586335B72E577

scan completed successfully
hidden files: 1

**************************************************************************
.
Completion time: 2009-05-13 11:19
ComboFix-quarantined-files.txt 2009-05-13 15:19

Pre-Run: 32,794,005,504 bytes free
Post-Run: 33,565,331,456 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

273 --- E O F --- 2009-05-13 13:05
