Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

virus/trojan - don't know which - 6 months old [Closed] [Solved]

Started by mpurchases , Apr 07 2010 02:05 PM

  • This topic is locked This topic is locked

#31
mpurchases
Posted 02 May 2010 - 05:00 PM

mpurchases

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts
RIght now we have been attempting to scan and the scan is still zero percent and the time clock on the scan is not moving and no files are being scanned. Thihs has happened about 6 times over the past 4 days - among other problems.

Below is what Kaspersky looks like now. IT has been at 1 min 13 seconds for 20 minutes and no files being scanned.

------

Scan statistics

Objects scanned: 0

Threats found: 0

Infected objects found: 0

Suspicious objects found: 0

Scan duration: 00:01:13
Scan beginning
Scanning in progress (0%)
Select the area for scanning in the Scan section of the left window part.

Last start:
Status:
Please wait, scanning can take some time depending upon the size of the area to scan. You can continue work with other browser windows.

Scanning: NETAPI32.dll
Path: C:\WINDOWS\system32
Configure | View report | Stop scanning
Attention! Anti-virus scanning may be unavailable if your computer already has another anti-virus application installed and running. Please deactivate the anti-virus software installed on your computer and start Kaspersky Online Scanner 7.0 again from the web site of Kaspersky Lab.
  • 0

Advertisements

#32
inzanity
Posted 02 May 2010 - 07:29 PM

inzanity

    Member

  • Member
  • PipPip
  • 37 posts
Hi,

Let's try this instead:
Go here to run an online scanner from ESET.

  • Note: You will need to use Internet explorer for this scan
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic and also let me know how things are now.

  • 0

#33
mpurchases
Posted 03 May 2010 - 09:24 AM

mpurchases

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts
when we attempt to allow the activeX control to install we get the following message"

A windows internet explorer box pops up and says:
"to display the webpage again, INternet Explorer needs to resend the information you've previously submitted.

If you were making a purchase, you should click cancel to avoid a duplicate transaction. Otherwise, click retry to display the webpage again."

We have attempted to do this 10 times today. Not sure what is going on. I turned my block cookies off, thinking this was the problem.
  • 0

#34
mpurchases
Posted 03 May 2010 - 09:25 AM

mpurchases

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts
Also - fyi

WHEN I WAS running kapersky scan over the past 4 days, one time the scan - scanned for over 2 hrs, and there was a virus or infected file found. But, the scan never finished. just fyi.
  • 0

#35
ldtate
Posted 05 May 2010 - 05:27 PM

ldtate

    Malware Expert

  • Expert
  • 1,874 posts
  • MVP
Hello mpurchases

inzanity has been called away for work so I'll see if I can help.

Please post back and tell me how much RAM memory you have in the computer.

You can do that by Right Clicking on My Computer and selecting Properties.
  • 0

#36
mpurchases
Posted 06 May 2010 - 11:49 AM

mpurchases

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts
248 MB of Ram.

We were infected - have been for about 6 months. And the kapersky scan (the one that I ran for two hours, but could not complete) showed infection. Just fyi.

THanks.
  • 0

#37
ldtate
Posted 06 May 2010 - 03:03 PM

ldtate

    Malware Expert

  • Expert
  • 1,874 posts
  • MVP
248 MB of Ram is barely enough to run XP. That's why it's so slow. I'd suggest at least 1 gig.

Run a new Combofix scan and post the results please.
  • 0

#38
mpurchases
Posted 10 May 2010 - 08:37 AM

mpurchases

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts
ComboFix 10-05-09.06 - user1 05/10/2010 10:12:22.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.247.95 [GMT -4:00]
Running from: c:\documents and settings\user1\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Files Created from 2010-04-10 to 2010-05-10 )))))))))))))))))))))))))))))))
.

2010-05-01 18:14 . 2010-05-01 18:14 -------- d-sh--w- c:\documents and settings\user1\IECompatCache
2010-04-29 21:13 . 2010-04-29 21:11 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-24 20:58 . 2010-04-24 20:58 -------- d-----w- C:\_OTL
2010-04-24 19:27 . 2010-02-25 06:24 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-04-24 19:27 . 2010-02-25 06:24 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-04-24 19:24 . 2009-10-23 14:27 3555328 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-04-14 17:17 . 2010-04-30 01:59 -------- d-sh--w- c:\documents and settings\user1\PrivacIE
2010-04-14 17:12 . 2010-04-30 13:16 -------- d-sh--w- c:\documents and settings\user1\IETldCache
2010-04-14 16:59 . 2010-04-14 17:06 -------- dc-h--w- c:\windows\ie8
2010-04-14 16:58 . 2010-04-14 17:08 -------- d--h--w- c:\windows\msdownld.tmp
2010-04-12 18:53 . 2010-04-29 16:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-12 18:53 . 2010-04-29 19:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-12 18:53 . 2010-04-29 16:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-30 22:28 . 2007-02-02 18:10 -------- d-----w- c:\documents and settings\user1\Application Data\Skype
2010-04-30 20:02 . 2008-11-06 14:35 -------- d-----w- c:\documents and settings\user1\Application Data\skypePM
2010-04-29 21:18 . 2005-12-02 00:45 -------- d-----w- c:\program files\Common Files\Java
2010-04-29 21:14 . 2010-04-29 21:14 503808 ----a-w- c:\documents and settings\user1\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5f593cd5-n\msvcp71.dll
2010-04-29 21:14 . 2010-04-29 21:14 499712 ----a-w- c:\documents and settings\user1\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5f593cd5-n\jmc.dll
2010-04-29 21:14 . 2010-04-29 21:14 348160 ----a-w- c:\documents and settings\user1\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5f593cd5-n\msvcr71.dll
2010-04-29 21:14 . 2010-04-29 21:14 61440 ----a-w- c:\documents and settings\user1\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5a0e6f96-n\decora-sse.dll
2010-04-29 21:14 . 2010-04-29 21:14 12800 ----a-w- c:\documents and settings\user1\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5a0e6f96-n\decora-d3d.dll
2010-04-29 21:11 . 2005-12-02 00:45 -------- d-----w- c:\program files\Java
2010-04-24 21:29 . 2010-04-24 21:29 439816 ----a-w- c:\documents and settings\user1\Application Data\Real\Update\setup3.10\setup.exe
2010-04-14 17:57 . 2007-06-19 14:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-04-14 17:07 . 2006-01-25 21:30 -------- d-----w- c:\documents and settings\All Users\Application Data\yahoo!
2010-04-14 17:07 . 2005-12-07 01:00 -------- d-----w- c:\program files\Yahoo!
2010-04-14 16:47 . 2010-04-07 15:49 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-04-14 16:47 . 2010-04-07 15:49 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-04-14 16:35 . 2010-04-07 15:51 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-04-14 16:35 . 2010-04-07 15:51 162768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-04-14 16:31 . 2010-04-07 15:51 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-04-14 16:31 . 2010-04-07 15:51 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-04-14 16:31 . 2010-04-07 15:51 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-04-14 16:31 . 2010-04-07 15:51 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-04-14 16:30 . 2010-04-07 15:51 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-04-07 15:49 . 2010-04-07 15:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-04-07 15:49 . 2010-04-07 15:49 -------- d-----w- c:\program files\Alwil Software
2010-04-07 15:16 . 2010-04-07 15:16 -------- d-----w- c:\program files\ERUNT
2010-03-30 12:13 . 2010-03-30 12:13 52224 ----a-w- c:\documents and settings\user1\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-03-30 12:12 . 2010-03-30 12:12 117760 ----a-w- c:\documents and settings\user1\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-03-30 12:11 . 2010-03-30 12:11 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-03-30 12:11 . 2010-03-30 12:11 -------- d-----w- c:\documents and settings\user1\Application Data\SUPERAntiSpyware.com
2010-03-30 12:10 . 2010-03-30 12:10 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-03-24 21:05 . 2008-12-26 22:10 2387420 ----a-w- C:\MGtools.exe
2010-03-23 12:16 . 2005-12-29 23:56 -------- d-----w- c:\program files\Google
2010-03-20 23:29 . 2010-03-20 23:29 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-03-11 16:57 . 2009-12-31 20:00 1 ----a-w- c:\documents and settings\user1\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-03-10 06:15 . 2004-08-10 18:51 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:24 . 2004-08-10 18:51 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 12:31 . 2005-12-02 00:14 454016 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-24 00:25 . 2004-08-04 04:59 95360 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-02-16 13:19 . 2004-08-10 18:51 2181376 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 12:39 . 2004-08-04 04:59 2058368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:47 . 2004-08-10 18:50 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:01 . 2004-08-10 18:51 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2006-01-16 22:17 . 2006-01-16 22:19 774144 -c--a-w- c:\program files\RngInterstitial.dll
2008-11-06 00:06 . 2006-01-02 01:47 104 --sh--r- c:\windows\system32\3DB7F92009.sys
2008-11-06 00:06 . 2006-01-02 01:47 4704 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-04-24_18.28.15 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-14 11:09 . 2009-10-28 15:07 46080 c:\windows\system32\tzchange.exe
+ 2008-07-14 11:09 . 2010-01-23 08:11 46080 c:\windows\system32\tzchange.exe
+ 2004-08-04 06:56 . 2009-11-27 17:33 17920 c:\windows\system32\msyuv.dll
+ 2004-08-10 18:51 . 2009-11-27 16:37 28672 c:\windows\system32\msvidc32.dll
- 2004-08-10 18:51 . 2004-08-04 11:00 11264 c:\windows\system32\msrle32.dll
+ 2004-08-10 18:51 . 2009-11-27 16:37 11264 c:\windows\system32\msrle32.dll
+ 2007-08-13 23:54 . 2010-02-25 06:24 55296 c:\windows\system32\msfeedsbs.dll
- 2007-08-13 23:54 . 2009-03-08 08:31 55296 c:\windows\system32\msfeedsbs.dll
+ 2004-08-10 18:51 . 2010-02-25 06:24 25600 c:\windows\system32\jsproxy.dll
- 2004-08-10 18:51 . 2009-03-08 08:33 25600 c:\windows\system32\jsproxy.dll
+ 2004-08-04 06:56 . 2009-11-27 16:37 48128 c:\windows\system32\iyuv_32.dll
+ 2004-08-04 06:56 . 2009-11-27 17:33 17920 c:\windows\system32\dllcache\msyuv.dll
+ 2009-11-27 16:37 . 2009-11-27 16:37 28672 c:\windows\system32\dllcache\msvidc32.dll
+ 2009-11-27 16:37 . 2009-11-27 16:37 11264 c:\windows\system32\dllcache\msrle32.dll
- 2008-12-07 13:51 . 2009-03-08 08:31 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-12-07 13:51 . 2010-02-25 06:24 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2006-05-10 05:22 . 2009-03-08 08:33 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2006-05-10 05:22 . 2010-02-25 06:24 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2004-08-04 06:56 . 2009-11-27 16:37 48128 c:\windows\system32\dllcache\iyuv_32.dll
+ 2009-12-14 07:35 . 2009-12-14 07:35 33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2010-01-13 14:10 . 2010-01-13 14:10 85504 c:\windows\system32\dllcache\cabview.dll
+ 2009-06-10 14:21 . 2009-11-27 16:37 84992 c:\windows\system32\dllcache\avifil32.dll
- 2009-06-10 14:21 . 2009-06-10 14:21 84992 c:\windows\system32\dllcache\avifil32.dll
+ 2004-08-10 18:50 . 2009-12-14 07:35 33280 c:\windows\system32\csrsrv.dll
+ 2004-08-10 18:50 . 2010-01-13 14:10 85504 c:\windows\system32\cabview.dll
- 2004-08-10 18:50 . 2009-06-10 14:21 84992 c:\windows\system32\avifil32.dll
+ 2004-08-10 18:50 . 2009-11-27 16:37 84992 c:\windows\system32\avifil32.dll
+ 2010-04-25 00:33 . 2009-03-08 08:33 12288 c:\windows\ie8updates\KB980182-IE8\xpshims.dll
+ 2010-04-25 00:32 . 2009-03-08 08:31 55296 c:\windows\ie8updates\KB980182-IE8\msfeedsbs.dll
+ 2010-04-25 00:32 . 2009-03-08 08:33 25600 c:\windows\ie8updates\KB980182-IE8\jsproxy.dll
+ 2009-11-27 17:33 . 2009-11-27 17:33 17920 c:\windows\Driver Cache\i386\msyuv.dll
+ 2009-11-27 16:37 . 2009-11-27 16:37 48128 c:\windows\Driver Cache\i386\iyuv_32.dll
+ 2001-08-18 04:36 . 2009-11-27 16:37 8704 c:\windows\system32\tsbyuv.dll
+ 2001-08-18 04:36 . 2009-11-27 16:37 8704 c:\windows\system32\dllcache\tsbyuv.dll
+ 2009-11-27 16:37 . 2009-11-27 16:37 8704 c:\windows\Driver Cache\i386\tsbyuv.dll
+ 2004-08-10 18:51 . 2009-12-24 07:05 177664 c:\windows\system32\wintrust.dll
+ 2004-08-10 18:51 . 2009-12-08 09:13 474112 c:\windows\system32\shlwapi.dll
- 2004-08-10 18:51 . 2008-08-20 05:38 474112 c:\windows\system32\shlwapi.dll
+ 2004-08-10 18:51 . 2010-02-25 06:24 206848 c:\windows\system32\occache.dll
+ 2004-08-10 18:51 . 2010-02-25 06:24 611840 c:\windows\system32\mstime.dll
- 2004-08-10 18:51 . 2009-03-08 08:32 611840 c:\windows\system32\mstime.dll
- 2004-08-10 19:01 . 2004-08-04 11:00 343040 c:\windows\system32\mspaint.exe
+ 2004-08-10 19:01 . 2009-12-16 12:58 343040 c:\windows\system32\mspaint.exe
- 2007-08-13 23:54 . 2009-03-08 08:32 594432 c:\windows\system32\msfeeds.dll
+ 2007-08-13 23:54 . 2010-02-25 06:24 594432 c:\windows\system32\msfeeds.dll
- 2004-08-10 18:51 . 2009-03-08 08:33 726528 c:\windows\system32\jscript.dll
+ 2004-08-10 18:51 . 2009-12-09 05:53 726528 c:\windows\system32\jscript.dll
+ 2010-04-29 21:13 . 2010-04-29 21:12 153376 c:\windows\system32\javaws.exe
+ 2010-04-29 21:13 . 2010-04-29 21:12 145184 c:\windows\system32\javaw.exe
- 2009-12-31 19:49 . 2009-12-31 19:49 145184 c:\windows\system32\javaw.exe
- 2009-12-31 19:49 . 2009-12-31 19:49 145184 c:\windows\system32\java.exe
+ 2010-04-29 21:13 . 2010-04-29 21:12 145184 c:\windows\system32\java.exe
+ 2004-08-10 18:51 . 2010-02-25 06:24 184320 c:\windows\system32\iepeers.dll
+ 2004-08-10 18:51 . 2010-02-25 06:24 387584 c:\windows\system32\iedkcs32.dll
- 2004-08-10 18:51 . 2009-03-08 08:32 173056 c:\windows\system32\ie4uinit.exe
+ 2004-08-10 18:51 . 2010-02-24 09:54 173056 c:\windows\system32\ie4uinit.exe
+ 2005-12-02 00:14 . 2009-12-31 16:14 352640 c:\windows\system32\drivers\srv.sys
+ 2009-12-24 07:05 . 2009-12-24 07:05 177664 c:\windows\system32\dllcache\wintrust.dll
+ 2006-05-10 05:23 . 2010-02-25 06:24 916480 c:\windows\system32\dllcache\wininet.dll
+ 2007-12-18 14:40 . 2010-03-10 06:15 420352 c:\windows\system32\dllcache\vbscript.dll
- 2007-12-18 14:40 . 2009-03-08 08:33 420352 c:\windows\system32\dllcache\vbscript.dll
+ 2006-08-16 09:37 . 2010-02-11 12:01 226880 c:\windows\system32\dllcache\tcpip6.sys
+ 2006-04-21 06:12 . 2009-12-31 16:14 352640 c:\windows\system32\dllcache\srv.sys
+ 2006-05-10 05:23 . 2009-12-08 09:13 474112 c:\windows\system32\dllcache\shlwapi.dll
- 2006-05-10 05:23 . 2008-08-20 05:38 474112 c:\windows\system32\dllcache\shlwapi.dll
+ 2007-08-13 23:44 . 2010-02-25 06:24 206848 c:\windows\system32\dllcache\occache.dll
+ 2006-05-10 05:23 . 2010-02-25 06:24 611840 c:\windows\system32\dllcache\mstime.dll
- 2006-05-10 05:23 . 2009-03-08 08:32 611840 c:\windows\system32\dllcache\mstime.dll
+ 2009-12-16 12:58 . 2009-12-16 12:58 343040 c:\windows\system32\dllcache\mspaint.exe
+ 2008-12-07 13:51 . 2010-02-25 06:24 594432 c:\windows\system32\dllcache\msfeeds.dll
- 2008-12-07 13:51 . 2009-03-08 08:32 594432 c:\windows\system32\dllcache\msfeeds.dll
+ 2006-05-05 09:41 . 2010-02-24 12:31 454016 c:\windows\system32\dllcache\mrxsmb.sys
+ 2006-05-18 05:24 . 2009-12-09 05:53 726528 c:\windows\system32\dllcache\jscript.dll
- 2006-05-18 05:24 . 2009-03-08 08:33 726528 c:\windows\system32\dllcache\jscript.dll
+ 2006-05-10 05:22 . 2010-02-25 06:24 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2007-08-13 23:39 . 2010-02-25 06:24 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2007-08-13 23:39 . 2010-02-24 09:54 173056 c:\windows\system32\dllcache\ie4uinit.exe
- 2007-08-13 23:39 . 2009-03-08 08:32 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2006-08-16 11:58 . 2010-02-12 04:47 100864 c:\windows\system32\dllcache\6to4svc.dll
+ 2010-04-29 21:18 . 2010-04-29 21:18 180224 c:\windows\Installer\4a6e3.msi
+ 2010-04-29 21:11 . 2010-04-29 21:11 577536 c:\windows\Installer\4a6de.msi
+ 2010-04-25 00:34 . 2009-03-08 08:33 420352 c:\windows\ie8updates\KB981332-IE8\vbscript.dll
+ 2010-04-25 00:34 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB981332-IE8\spuninst\updspapi.dll
+ 2010-04-25 00:34 . 2009-05-26 11:40 231288 c:\windows\ie8updates\KB981332-IE8\spuninst\spuninst.exe
+ 2010-04-25 00:32 . 2009-03-08 08:34 914944 c:\windows\ie8updates\KB980182-IE8\wininet.dll
+ 2010-04-25 00:33 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB980182-IE8\spuninst\updspapi.dll
+ 2010-04-25 00:33 . 2009-05-26 11:40 231288 c:\windows\ie8updates\KB980182-IE8\spuninst\spuninst.exe
+ 2010-04-25 00:32 . 2009-03-08 08:34 109568 c:\windows\ie8updates\KB980182-IE8\occache.dll
+ 2010-04-25 00:32 . 2009-03-08 08:32 611840 c:\windows\ie8updates\KB980182-IE8\mstime.dll
+ 2010-04-25 00:32 . 2009-03-08 08:32 594432 c:\windows\ie8updates\KB980182-IE8\msfeeds.dll
+ 2010-04-25 00:33 . 2009-03-08 08:33 246784 c:\windows\ie8updates\KB980182-IE8\ieproxy.dll
+ 2010-04-25 00:32 . 2009-03-08 08:31 183808 c:\windows\ie8updates\KB980182-IE8\iepeers.dll
+ 2010-04-25 00:33 . 2009-03-08 18:09 391536 c:\windows\ie8updates\KB980182-IE8\iedkcs32.dll
+ 2010-04-25 00:33 . 2009-03-08 08:32 173056 c:\windows\ie8updates\KB980182-IE8\ie4uinit.exe
+ 2010-04-25 00:41 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB976662-IE8\spuninst\updspapi.dll
+ 2010-04-25 00:41 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB976662-IE8\spuninst\spuninst.exe
+ 2010-04-25 00:41 . 2009-06-22 06:44 726528 c:\windows\ie8updates\KB976662-IE8\jscript.dll
+ 2010-04-25 00:31 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB971961-IE8\spuninst\updspapi.dll
+ 2010-04-25 00:31 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB971961-IE8\spuninst\spuninst.exe
+ 2010-04-25 00:31 . 2009-03-08 08:33 726528 c:\windows\ie8updates\KB971961-IE8\jscript.dll
+ 2005-12-02 00:44 . 2010-02-24 12:31 454016 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2004-08-10 18:51 . 2010-02-25 06:24 1209344 c:\windows\system32\urlmon.dll
+ 2004-08-10 18:51 . 2009-11-27 17:33 1291264 c:\windows\system32\quartz.dll
+ 2004-08-10 18:51 . 2010-02-25 06:24 5944832 c:\windows\system32\mshtml.dll
+ 2007-08-13 23:34 . 2010-02-25 06:24 1985536 c:\windows\system32\iertutil.dll
+ 2006-05-10 05:23 . 2010-02-25 06:24 1209344 c:\windows\system32\dllcache\urlmon.dll
+ 2008-05-07 05:18 . 2009-11-27 17:33 1291264 c:\windows\system32\dllcache\quartz.dll
+ 2008-12-05 18:52 . 2010-02-16 13:19 2181376 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2008-12-05 18:51 . 2010-02-16 12:39 2016768 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2008-12-05 18:51 . 2010-02-16 12:39 2058368 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2008-12-05 18:52 . 2010-02-16 13:17 2137088 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2006-05-19 15:08 . 2010-02-25 06:24 5944832 c:\windows\system32\dllcache\mshtml.dll
+ 2008-12-07 13:51 . 2010-02-25 06:24 1985536 c:\windows\system32\dllcache\iertutil.dll
+ 2006-01-04 21:32 . 2010-05-02 23:21 3777536 c:\windows\Installer\1a65b0.msi
- 2006-01-04 21:32 . 2010-04-16 16:41 3777536 c:\windows\Installer\1a65b0.msi
+ 2010-04-25 00:32 . 2009-03-08 08:34 1206784 c:\windows\ie8updates\KB980182-IE8\urlmon.dll
+ 2010-04-25 00:32 . 2009-03-08 08:41 5937152 c:\windows\ie8updates\KB980182-IE8\mshtml.dll
+ 2010-04-25 00:32 . 2009-03-08 08:32 1985024 c:\windows\ie8updates\KB980182-IE8\iertutil.dll
+ 2005-03-02 00:59 . 2010-02-16 13:19 2181376 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2005-03-02 00:34 . 2010-02-16 12:39 2016768 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2005-03-02 00:34 . 2010-02-16 12:39 2058368 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2005-03-02 00:57 . 2010-02-16 13:17 2137088 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2005-12-29 20:23 . 2010-04-06 14:52 31971272 c:\windows\system32\MRT.exe
+ 2007-08-13 23:54 . 2010-02-25 15:54 11070976 c:\windows\system32\ieframe.dll
+ 2008-12-07 13:50 . 2010-02-25 15:54 11070976 c:\windows\system32\dllcache\ieframe.dll
+ 2010-04-25 00:32 . 2009-03-08 08:39 11063808 c:\windows\ie8updates\KB980182-IE8\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VF0060 STISvc"="V0060Pin.dll" [2004-11-01 36864]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-04-14 2790472]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-06-10 249856]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 18:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^user1^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\documents and settings\user1\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Wireless Manager UI]
c:\windows\system32\WLTRAY [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
2005-08-31 17:06 106496 ----a-w- c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
2004-11-18 02:50 258048 ------w- c:\program files\Creative\Shared Files\CamTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 11:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2007-03-15 16:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2004-12-06 07:05 127035 ----a-w- c:\windows\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-01-27 07:02 86016 ----a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-02-23 22:19 53248 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-10-14 18:46 77824 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-10-14 18:50 114688 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-10-14 18:49 94208 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-06-10 16:44 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 16:44 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXSUPMON]
2001-01-23 19:00 794112 ----a-w- c:\windows\system32\LXSUPMON.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2008-11-06 02:59 4347120 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
2005-09-09 01:20 8192 ----a-w- c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2005-09-09 01:20 110592 ----a-w- c:\progra~1\MUSICM~1\MUSICM~3\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrinTray]
2001-01-23 18:29 36864 ----a-w- c:\windows\system32\spool\drivers\w32x86\2\printray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRONoMgrWired]
2004-12-09 19:58 86016 ----a-w- c:\program files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2007-05-25 19:55 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VF0060 STISvc]
2004-11-01 01:00 36864 ----a-r- c:\windows\system32\V0060Pin.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=3 (0x3)
"MpfService"=3 (0x3)
"McSysmon"=3 (0x3)
"McShield"=2 (0x2)
"McProxy"=3 (0x3)
"McODS"=3 (0x3)
"McNASvc"=3 (0x3)
"mcmscsvc"=3 (0x3)
"McAfee SiteAdvisor Service"=3 (0x3)
"AntiVirService"=2 (0x2)
"AntiVirSchedulerService"=2 (0x2)
"YahooAUService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4/7/2010 11:51 AM 162768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 10:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 10:15 AM 66632]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/7/2010 11:51 AM 19024]
S1 spusbaudio;USB Microphone;c:\windows\system32\drivers\CA506AA.sys [2/10/2007 7:09 PM 39824]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 10:15 AM 12872]
S3 SPCA506AV;X10 VA11A Video Capture;c:\windows\system32\drivers\CA506AV.SYS [2/10/2007 7:09 PM 162096]
S3 V0060VID;Creative WebCam Live! Ultra;c:\windows\system32\drivers\V0060Vid.sys [2/5/2007 6:54 PM 196409]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
Trusted Zone: Yahoo.com\www
Trusted Zone: musicmatch.com\online
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-10 10:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(792)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(2288)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-05-10 10:34:31
ComboFix-quarantined-files.txt 2010-05-10 14:34
ComboFix2.txt 2010-04-24 18:34
ComboFix3.txt 2009-01-02 20:04

Pre-Run: 524,558,336 bytes free
Post-Run: 616,648,704 bytes free

- - End Of File - - 88ADD8497FA5BAC6892745F0F9CB8192
  • 0

#39
ldtate
Posted 10 May 2010 - 05:58 PM

ldtate

    Malware Expert

  • Expert
  • 1,874 posts
  • MVP
Your scan are clean of any malware / virus' that I can see.

The following will implement some cleanup procedures as well as reset System Restore points:

  • Click START run
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.


To be on the safe side, I would also change all my passwords.


Here's my usual all clean post

Log looks good :)


  • Make your Internet Explorer more secure - This can be done by following these simple instructions:[list=1]
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.

  • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week
    (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer.
    Without a firewall your computer is succeptible to being hacked and taken over.
    I am very serious about this and see it happen almost every day with my clients.
    Simply using a Firewall in its default configuration can lower your risk greatly.

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.
    This will ensure your computer has always the latest security updates available installed on your computer.
    If there are new updates to install, install them immediately, reboot your computer, and revisit the site
    until there are no more critical updates.

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly.
    Without regular updates you WILL NOT be protected when new malicious programs are released.

Only run one Anti-Virus and Firewall program.


I would suggest you read How to Prevent Malware:
  • 0

#40
ldtate
Posted 14 May 2010 - 10:17 AM

ldtate

    Malware Expert

  • Expert
  • 1,874 posts
  • MVP
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP