Windows Security Virus?

March 31, 2010 at 17:54:30
Specs: Windows XP
I keep getting popups in my taskbar saying that my computer is not protected and getting "Your Protection" popups and "Network Threat Detected" popups. My fiancé clicked on one of them because he wasn't sure what it was, and now I got a blue screen and was told to restart my computer. It also put 3 porn links on my desktop that I deleted.

I tried running scans on the computer but it's not picking it up.

Any help will be greatly appreciated!




#1
March 31, 2010 at 19:50:02
Please download exeHelper to your desktop.
Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of exehelperlog.txt (it will be created in the directory where you ran exeHelper.com, and should open at the end of the scan).
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

You may need to download these to a CD, external drive, or USB drive and run them on the infected computer, but first try to run them from the infected computer.

Please download Rkill from the following link.

Rkill

Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. This link will help you disable it:

Click on This Link to see a list of programs that should be disabled. The list is not all-inclusive. If yours is not listed and you don't know how to disable it, please ask.

Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)

A black screen will appear and then disappear. Please do not worry, that is normal.

If you get a message that Rkill is an infection, do not be concerned. This message is just a fake warning given by the malware when it terminates programs that may potentially remove it. If you run into these infection warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that Rkill can terminate the malware. So, please keep running Rkill until malware is no longer running. You will then be able to proceed with the rest of the guide.

Do not reboot your computer after running rkill as the malware programs will start again.

Please download Malwarebytes' Anti-Malware from one of these sites:

MalwareBytes1

MalwareBytes2

Rename the setup file, mbam-setup.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, rename mbam-setup.exe to tool.exe in the filename box, then click Save.

1. Double Click tool.exe to install the application.
2. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
3. If an update is found, it will download and install the latest version.
4. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish, so please be patient.
5. When the scan is complete, click OK, then Show Results to view the results.
6. Make sure that everything found is checked, and click Remove Selected.
7. When disinfection is completed, a log will open in Notepad and you may be prompted to restart. If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
8. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
9. Copy & paste the entire report in your next reply.

Please download ComboFix with Internet Explorer instead of any other browser if possible.

Remember: your antivirus and any real-time antispyware programs that you may have must be turned off or disabled before running ComboFix. The clickable link "This Link" in the ComboFix tutorial will help you get them disabled.

Please download ComboFix to the desktop from one of the following links:

ComboFix

Rename the setup file, combofix.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, rename combofix.exe to Combo-Fix in the filename box, then click Save.
Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.
If you are using Firefox, make sure that your download settings are as follows:
Tools->Options->Main tab
Set to "Always ask me where to Save the files".

Please do not rename Combofix to other names, but only to the one indicated.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------
Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
-----------------------------------------------------------
Double click on Combo-Fix.exe & follow the prompts.
Install the recovery console when asked.
When finished, it will produce a report for you.
Please post the "C:\Combo-Fix.txt" .
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to hang.


Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything unless told to do so while we are fixing your problem.



#2
April 1, 2010 at 03:44:31
This is all that the exehelperlog said. Is this the correct thing?

exeHelper by Raktor
Build 20100329
Run at 06:34:51 on 04/01/10
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--
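The exeHelper log above shows which launch points the tool resets: the .exe and .com open commands, the Winlogon Userinit and Shell values, and the restrictive policies. A quick way to see whether any of them were actually tampered with is to compare the current values against the clean Windows XP defaults. The script below is an added example, not exeHelper's code and not part of this thread. It runs offline on a dict of registry values (on a live XP machine you would fill the dict from `reg query` output); the two sample value sets CLEAN and HIJACKED are constructed for illustration, and the rogue path `example_rogue.exe` in HIJACKED is hypothetical, not a file from the logs in this thread.

```python
"""Offline check of the Windows XP launch points that exeHelper resets.

Added example, not part of exeHelper or of this thread. EXPECTED holds
the clean XP defaults; CLEAN and HIJACKED are constructed sample values.
"""
import re

WINLOGON = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
POLICIES = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System"

# Clean defaults. A hijacked .exe association typically wraps the real
# command (e.g. "<rogue>" /START "%1" %*), so anything but the bare
# default is reported.
EXPECTED = {
    r"HKCR\exefile\shell\open\command": '"%1" %*',
    r"HKCR\comfile\shell\open\command": '"%1" %*',
    WINLOGON + r"\Shell": "Explorer.exe",
}
# Userinit must be exactly <systemroot>\system32\userinit.exe plus an
# optional trailing comma; a second comma-separated program is a hijack.
USERINIT_KEY = WINLOGON + r"\Userinit"
USERINIT_RE = re.compile(r"^[a-z]:\\[^,]*\\system32\\userinit\.exe,?$", re.I)
# Policies a rogue sets to keep the user out of Task Manager / regedit.
POLICY_KEYS = (POLICIES + r"\DisableTaskMgr", POLICIES + r"\DisableRegistryTools")


def check_launch_points(values):
    """Return (key, actual_value, reason) for every value that deviates."""
    findings = []
    for key, expected in EXPECTED.items():
        actual = values.get(key)
        if actual is None:
            findings.append((key, None, "value missing"))
        elif actual.strip().lower() != expected.lower():
            findings.append((key, actual, "expected %r" % expected))
    userinit = values.get(USERINIT_KEY, "")
    if not USERINIT_RE.match(userinit.strip()):
        findings.append((USERINIT_KEY, userinit, "extra or replaced logon program"))
    for key in POLICY_KEYS:
        if values.get(key, 0) not in (0, None):
            findings.append((key, values[key], "admin tool disabled by policy"))
    return findings


# Constructed sample values (not read from a real machine).
CLEAN = {
    r"HKCR\exefile\shell\open\command": '"%1" %*',
    r"HKCR\comfile\shell\open\command": '"%1" %*',
    WINLOGON + r"\Shell": "Explorer.exe",
    USERINIT_KEY: r"C:\WINDOWS\system32\userinit.exe,",
}
# Hypothetical rogue binary; the path is illustrative, not from this thread.
ROGUE = r"C:\Documents and Settings\All Users\Application Data\example_rogue.exe"
HIJACKED = dict(CLEAN)
HIJACKED[r"HKCR\exefile\shell\open\command"] = '"%s" /START "%%1" %%*' % ROGUE
HIJACKED[USERINIT_KEY] = CLEAN[USERINIT_KEY] + ROGUE
HIJACKED[POLICIES + r"\DisableTaskMgr"] = 1

if __name__ == "__main__":
    for label, vals in (("clean", CLEAN), ("hijacked", HIJACKED)):
        print(label, check_launch_points(vals))
```

The check is deliberately strict: the Userinit value is accepted only in its bare default form, so any additional comma-separated program (the usual way malware rides the logon) is reported, and any non-zero DisableTaskMgr or DisableRegistryTools policy is reported whether or not the rogue is still running.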



#3
April 1, 2010 at 03:46:53
Also, I have Malwarebytes already. I think it needs to be updated. I think the virus is not allowing me to update it or to redownload it.



#4
April 1, 2010 at 03:50:39
Go ahead and try to run combofix.


#5
April 1, 2010 at 04:04:19
ComboFix 10-03-29.04 - User 04/01/2010 6:55.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1495 [GMT -4:00]
Running from: c:\documents and settings\User\Desktop\Combo-Fix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\fiosejgfse.dll
c:\documents and settings\All Users\Desktop\nudetube.com.lnk
c:\documents and settings\All Users\Desktop\pornotube.com.lnk
c:\documents and settings\All Users\Desktop\youporn.com.lnk
c:\documents and settings\All Users\Favorites\_favdata.dat
c:\windows\_VOIDdstbvrptob
c:\windows\_VOIDdstbvrptob\_VOIDd.sys
c:\windows\_VOIDncvirpuxte
c:\windows\_VOIDncvirpuxte\_VOIDd.sys

.
((((((((((((((((((((((((( Files Created from 2010-03-01 to 2010-04-01 )))))))))))))))))))))))))))))))
.

2010-04-01 10:40 . 2010-04-01 10:40 2967799 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-03-31 00:54 . 2010-03-31 00:55 -------- d-----w- c:\program files\Your Protection
2010-03-14 15:48 . 2001-08-18 02:36 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2010-03-14 15:48 . 2001-08-18 02:36 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2010-03-14 15:48 . 2001-08-18 02:36 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2010-03-14 15:48 . 2001-08-18 02:36 8192 ----a-w- c:\windows\system32\kbdkor.dll
2010-03-14 15:48 . 2001-08-17 18:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2010-03-14 15:48 . 2001-08-17 18:55 6144 ----a-w- c:\windows\system32\kbd106.dll
2010-03-14 15:48 . 2001-08-17 18:55 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
2010-03-14 15:48 . 2001-08-17 18:55 5632 ----a-w- c:\windows\system32\kbd103.dll
2010-03-14 15:48 . 2001-08-17 18:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
2010-03-14 15:48 . 2001-08-17 18:55 6144 ----a-w- c:\windows\system32\kbd101c.dll
2010-03-14 15:48 . 2001-08-17 18:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2010-03-14 15:48 . 2001-08-17 18:55 6144 ----a-w- c:\windows\system32\kbd101b.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-01 10:40 . 2008-12-16 01:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-01 10:33 . 2010-02-13 21:49 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-04-01 03:25 . 2008-06-07 01:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-03-30 20:40 . 2010-02-11 15:55 50354 ----a-w- c:\documents and settings\User\Application Data\Facebook\uninstall.exe
2010-03-30 20:40 . 2010-02-11 15:55 -------- d-----w- c:\documents and settings\User\Application Data\Facebook
2010-03-29 00:43 . 2008-11-23 02:25 -------- d-----w- c:\documents and settings\User\Application Data\Corel
2010-03-29 00:40 . 2008-11-23 02:25 3766 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-03-28 22:00 . 2009-12-26 14:16 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLdw.DAT
2010-03-28 22:00 . 2009-12-26 14:14 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT
2010-02-26 06:41 . 2010-02-26 06:41 5582848 ----a-w- c:\documents and settings\User\Application Data\Facebook\npfbplugin_1_0_3.dll
2010-02-22 00:17 . 2008-04-25 01:17 3124 ----a-w- c:\documents and settings\User\Application Data\wklnhst.dat
2010-02-14 01:28 . 2007-07-13 04:41 -------- d-----w- c:\program files\GemMaster
2010-02-13 21:49 . 2010-02-13 21:49 -------- d-----w- c:\program files\SpywareBlaster
2010-02-13 20:41 . 2004-08-10 11:00 95360 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-02-13 19:29 . 2008-03-02 17:12 139759 ----a-w- c:\windows\hpoins15.dat
2010-02-13 14:24 . 2009-12-30 15:06 -------- d-----w- c:\documents and settings\All Users\Application Data\OfficeGuardianV2
2010-02-12 21:42 . 2010-02-12 21:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-02-12 21:21 . 2010-02-12 21:21 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-12 18:24 . 2010-02-12 18:24 -------- d-----w- c:\program files\Alwil Software
2010-02-12 18:24 . 2010-02-12 18:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-02-12 18:02 . 2009-07-01 14:20 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-02-12 15:14 . 2007-07-13 09:18 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-12 15:13 . 2008-02-03 03:45 -------- d-----w- c:\program files\DivX
2010-02-12 14:41 . 2007-07-13 09:21 -------- d-----w- c:\program files\Creative
2010-02-12 14:41 . 2007-07-13 09:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Creative
2010-02-12 14:40 . 2007-07-13 09:27 -------- d-----w- c:\documents and settings\User\Application Data\Creative
2010-02-11 18:53 . 2010-02-12 18:24 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-02-11 18:53 . 2010-02-12 18:24 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-02-11 18:42 . 2010-02-12 18:25 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-02-11 18:42 . 2010-02-12 18:25 162512 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-02-11 18:39 . 2010-02-12 18:25 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-02-11 18:38 . 2010-02-12 18:25 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-02-11 18:38 . 2010-02-12 18:25 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-02-11 18:38 . 2010-02-12 18:25 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-02-11 18:38 . 2010-02-12 18:25 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-02-11 15:55 . 2010-02-11 15:55 2107696 ----a-w- c:\documents and settings\User\Application Data\Facebook\Install_Facebook_Plug-In_1.0.1.exe
2010-02-11 03:26 . 2010-02-09 21:16 -------- d-----w- c:\program files\Yahoo!
2010-02-11 03:22 . 2007-07-13 09:36 -------- d-----w- c:\documents and settings\User\Application Data\ATI
2010-02-10 21:13 . 2010-02-10 21:13 -------- d-----w- c:\documents and settings\User\Application Data\gtk-2.0
2010-02-09 21:16 . 2010-02-09 21:16 14534 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{E7B100D8-98A5-42AA-830F-16D6BD5351F1}\SystemFolder_msiexec.exe
2010-02-09 21:16 . 2010-02-09 21:16 -------- d-----w- c:\program files\Freeze.com
2010-02-09 21:16 . 2010-02-09 21:16 -------- d-----w- c:\documents and settings\User\Application Data\Yahoo!
2010-02-08 09:53 . 2007-11-04 01:58 -------- d-----w- c:\program files\Google
2010-02-01 22:04 . 2010-02-01 22:04 847040 ----a-w- c:\documents and settings\User\Application Data\Facebook\axfbootloader.dll
2010-02-01 22:04 . 2010-02-01 22:04 5578752 ----a-w- c:\documents and settings\User\Application Data\Facebook\npfbplugin_1_0_1.dll
2010-02-01 17:56 . 2009-12-30 15:06 5158792 ----a-r- c:\documents and settings\All Users\Application Data\OfficeGuardianV2\OfficeGuardian.exe
2010-02-01 17:31 . 2009-12-30 15:06 1466368 ----a-r- c:\documents and settings\All Users\Application Data\OfficeGuardianV2\ResourceDll.dll
2010-01-30 12:25 . 2010-01-30 12:25 423464 ----a-w- c:\documents and settings\User\Application Data\E-centives\BSTIEPrintCtl1.dll
2010-01-14 22:11 . 2010-01-14 22:11 79488 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-06-25 18:22 . 2009-06-25 18:22 8 --sh--r- c:\windows\system32\66FF78EEEB.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-02-13_15.00.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-07-13 10:30 . 2009-08-07 00:24 44768 c:\windows\system32\wups2.dll
+ 2007-07-13 04:29 . 2009-08-07 00:24 35552 c:\windows\system32\wups.dll
+ 2007-07-13 04:29 . 2009-08-07 00:24 53472 c:\windows\system32\wuauclt.exe
+ 2010-02-15 18:22 . 2009-08-07 00:24 44768 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.4.7600.226\wups2.dll
+ 2010-02-15 18:22 . 2009-08-07 00:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
+ 2004-08-10 11:00 . 2010-03-14 20:11 71308 c:\windows\system32\perfc009.dat
- 2004-08-10 11:00 . 2009-11-01 23:07 71308 c:\windows\system32\perfc009.dat
+ 2007-07-16 20:19 . 2010-03-08 23:36 84507 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
- 2008-12-16 01:12 . 2008-12-04 00:52 38496 c:\windows\system32\drivers\mbamswissarmy.sys
+ 2008-12-16 01:12 . 2009-04-06 19:32 38496 c:\windows\system32\drivers\mbamswissarmy.sys
- 2008-12-16 01:12 . 2008-12-04 00:52 15504 c:\windows\system32\drivers\mbam.sys
+ 2008-12-16 01:12 . 2009-04-06 19:32 15504 c:\windows\system32\drivers\mbam.sys
+ 2007-07-13 04:29 . 2009-08-07 00:24 35552 c:\windows\system32\dllcache\wups.dll
+ 2007-07-13 04:29 . 2009-08-07 00:24 53472 c:\windows\system32\dllcache\wuauclt.exe
+ 2004-08-10 11:00 . 2009-08-07 00:24 96480 c:\windows\system32\dllcache\cdm.dll
+ 2004-08-10 11:00 . 2009-08-07 00:24 96480 c:\windows\system32\cdm.dll
+ 2010-03-18 04:55 . 2010-03-18 04:55 22528 c:\windows\Installer\242840d.msi
+ 2007-07-13 04:29 . 2009-08-07 00:24 209632 c:\windows\system32\wuweb.dll
+ 2007-07-13 04:29 . 2009-08-07 00:24 327896 c:\windows\system32\wucltui.dll
+ 2007-07-13 04:29 . 2009-08-07 00:23 575704 c:\windows\system32\wuapi.dll
- 2004-08-10 11:00 . 2009-11-01 23:07 441624 c:\windows\system32\perfh009.dat
+ 2004-08-10 11:00 . 2010-03-14 20:11 441624 c:\windows\system32\perfh009.dat
+ 2008-04-25 14:43 . 2009-08-07 00:23 215920 c:\windows\system32\muweb.dll
+ 2008-04-25 14:43 . 2009-08-07 00:23 274288 c:\windows\system32\mucltui.dll
+ 2010-02-13 21:49 . 2005-08-26 00:18 118784 c:\windows\system32\MSSTDFMT.DLL
+ 2010-01-27 00:58 . 2010-01-27 00:58 256280 c:\windows\system32\Macromed\Flash\FlashUtil10e.exe
+ 2007-07-13 04:29 . 2009-08-07 00:24 209632 c:\windows\system32\dllcache\wuweb.dll
+ 2007-07-13 04:29 . 2009-08-07 00:24 327896 c:\windows\system32\dllcache\wucltui.dll
+ 2007-07-13 04:29 . 2009-08-07 00:23 575704 c:\windows\system32\dllcache\wuapi.dll
+ 2007-07-13 04:29 . 2009-08-07 00:23 1929952 c:\windows\system32\wuaueng.dll
+ 2007-07-13 04:29 . 2009-08-07 00:23 1929952 c:\windows\system32\dllcache\wuaueng.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-07 68856]
"Your Protection"="c:\program files\Your Protection\urpprot.exe" [2010-03-31 2355200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Utility"="Logi_MwX.Exe" [2003-03-04 19968]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2009-02-24 479232]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"Corel Photo Downloader"="c:\program files\CVS\CVS Photo Editor Plus\Corel Photo Downloader.exe" [2007-02-06 478800]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 06:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-10 11:00 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-05 17:56 64512 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-02-22 08:25 144784 ----a-w- c:\program files\Java\jre1.6.0_05\bin\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\dllhost.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2/12/2010 2:25 PM 162512]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/12/2010 2:25 PM 19024]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/28/2007 7:15 PM 24652]
R3 ADM851x;ADMtek ADM8513 USB To Fast Ethernet Adapter;c:\windows\system32\drivers\ADM851x.SYS [7/16/2007 4:17 PM 26493]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/6/2010 12:45 PM 135664]

--- Other Services/Drivers In Memory ---

*Deregistered* - MBAMSwissArmy

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-03-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-04-01 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-11-04 01:30]

2010-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 16:45]

2010-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 16:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://www.facebook.com/fbplugin/win32/axfbootloader.cab?1265903714875
DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-01 06:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\HID\Vid_046d&Pid_c506\6&1c5fb30d&0&0000\LogConf]
@DACL=(02 0000)
.
Completion time: 2010-04-01 07:01:28
ComboFix-quarantined-files.txt 2010-04-01 11:01
ComboFix2.txt 2010-02-13 15:02

Pre-Run: 107,515,146,240 bytes free
Post-Run: 107,540,099,072 bytes free

- - End Of File - - 6CA4A05635A9DE49E74B8565C7F9E055
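In the log above, ComboFix's Other Deletions section lists the dropped DLL, the three desktop links and the _VOID driver folders, while the Reg Loading Points section still shows an HKCU Run entry "Your Protection" pointing at c:\program files\Your Protection\urpprot.exe, a directory the Files Created section dates to 2010-03-31, the day the problem was first reported. Cross-checking those sections by hand is tedious on a long report, so here is an added example that does it programmatically. It is not ComboFix's own code and not part of this thread: it parses the three sections of a Combo-Fix.txt and flags every Run entry whose binary lives in a directory that first appeared inside the report's window. SAMPLE_LOG is an excerpt of the log posted above, trimmed to the lines the parser needs.

```python
"""Triage a ComboFix report: cross-check Run keys against new directories.

Added example, not ComboFix's code or part of the thread above. SAMPLE_LOG
is an excerpt of the posted Combo-Fix.txt, trimmed to the lines used here.
"""
import re

SECTION_RE = re.compile(r"^\(+\s*(.*?)\s*\)+$")       # ((( Title )))
# Files Created line: "<created> . <modified> <size|--------> <attrs> <path>"
CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+"
    r"(\S+)\s+([-a-z]{8})\s+(.+)$"
)
# Run value line: "<name>"="<command>" [<file date> <size>]
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)"\s+\[(\d{4}-\d{2}-\d{2}) (\d+)\]$')


def parse_sections(text):
    """Split the report on its banner lines; drop blank and '.' filler lines."""
    sections, current = {"header": []}, "header"
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif line and line != ".":
            sections[current].append(line)
    return sections


def get_section(sections, prefix):
    """Match by prefix: the 'Files Created' banner carries a date range."""
    for name, lines in sections.items():
        if name.startswith(prefix):
            return lines
    return []


def new_directories(sections):
    """Lower-cased path -> creation date for every directory in the window."""
    dirs = {}
    for line in get_section(sections, "Files Created"):
        m = CREATED_RE.match(line)
        if m and m.group(3).startswith("d"):       # attrs start with 'd' = directory
            dirs[m.group(4).lower()] = m.group(1)
    return dirs


def run_entries(sections):
    """(hive, value name, command, file date) for values under a Run key."""
    entries, hive = [], None
    for line in get_section(sections, "Reg Loading Points"):
        if line.startswith("[") and line.endswith("]"):
            hive = line[1:-1]
            continue
        m = RUN_RE.match(line)
        if m and hive and hive.lower().endswith("\\run"):
            entries.append((hive, m.group(1), m.group(2), m.group(3)))
    return entries


def triage(text):
    """Flag Run entries whose binary sits in a directory new in this window."""
    sections = parse_sections(text)
    new_dirs = new_directories(sections)
    flagged = []
    for hive, name, command, file_date in run_entries(sections):
        for directory, created in new_dirs.items():
            if command.lower().startswith(directory + "\\"):
                flagged.append({"hive": hive, "name": name, "command": command,
                                "file_date": file_date, "dir_created": created})
    return {"flagged": flagged, "deleted": get_section(sections, "Other Deletions")}


# Excerpt of the log posted in this thread (banners shortened to fit).
SAMPLE_LOG = r"""
(((((((((( Other Deletions ))))))))))
.
c:\documents and settings\All Users\Application Data\fiosejgfse.dll
c:\documents and settings\All Users\Desktop\nudetube.com.lnk
c:\windows\_VOIDdstbvrptob\_VOIDd.sys
.
(((((((((( Files Created from 2010-03-01 to 2010-04-01 ))))))))))
.
2010-04-01 10:40 . 2010-04-01 10:40 2967799 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-03-31 00:54 . 2010-03-31 00:55 -------- d-----w- c:\program files\Your Protection
2010-03-14 15:48 . 2001-08-18 02:36 8704 ----a-w- c:\windows\system32\kbdjpn.dll
.
(((((((((( Reg Loading Points ))))))))))
.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-07 68856]
"Your Protection"="c:\program files\Your Protection\urpprot.exe" [2010-03-31 2355200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Utility"="Logi_MwX.Exe" [2003-03-04 19968]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"""

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for entry in result["flagged"]:
        print("flagged:", entry)
    print("deleted:", len(result["deleted"]), "items")
```

Run it on the full report with `triage(open(r"C:\Combo-Fix.txt").read())`. Anything it flags that does not also appear in the deleted list is a leftover worth the next look, which in this log is the "Your Protection" directory and its Run value.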

