Tons Of Antispyware 2009 And Other Annoying Popups!

conspiracy23
edited December 2008 in Malware talk

I'm getting tons of Antivirus 2009 popups, some registry defender popups, and tons of other annoying fake security program popups. I already used ComboFix but the popups still continue.


Here is the Combofix log!


ComboFix 08-12-25.04 - Owner 2008-12-26 1:03:44.1 - NTFSx86


Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.447.204 [GMT -5:00]


Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe


Command switches used :: c:\documents and settings\Owner\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe


* Created a new restore point


.


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


.


c:\windows\system32\sakalimo.dll


c:\windows\system32\tudotipi.dll


D:\Autorun.inf


.


((((((((((((((((((((((((( Files Created from 2008-11-26 to 2008-12-26 )))))))))))))))))))))))))))))))


.


2008-12-26 01:31 . 2003-08-26 03:28 96,256 -ra------ c:\windows\system32\drivers\LSIPNDS.sys


2008-12-26 01:26 . 2004-08-04 14:00 221,184 --a------ c:\windows\system32\wmpns.dll


2008-12-26 01:25 . 2004-08-27 04:54 <DIR> d-------- c:\windows\system32\config\systemprofile\WINDOWS


2008-12-26 01:25 . 2004-08-27 04:54 <DIR> d-------- c:\documents and settings\Default User\WINDOWS


2008-12-26 01:25 . 2003-01-10 13:58 351,526 --a------ c:\windows\WBDDA34I.DLL


2008-12-26 01:25 . 2008-12-26 01:25 29 --a------ c:\windows\wwwbatch.ini


2008-12-26 01:23 . 2008-12-26 01:23 8,192 --a------ c:\windows\REGLOCS.OLD


2008-12-26 01:21 . 2008-12-26 01:21 <DIR> d-------- c:\program files\McAfee.com


2008-12-26 01:21 . 2008-12-26 01:21 <DIR> d-------- c:\program files\McAfee


2008-12-26 01:21 . 2008-12-26 01:21 <DIR> d-------- c:\program files\Common Files\McAfee


2008-12-26 01:21 . 2008-12-26 01:21 <DIR> d-------- c:\documents and settings\Owner\Application Data\SampleView


2008-12-26 01:21 . 2008-12-26 01:21 <DIR> d-------- c:\documents and settings\Owner\Application Data\McAfee


2008-12-26 01:21 . 2008-12-26 01:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\McAfee.com


2008-12-26 01:21 . 2008-12-26 01:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\McAfee


2008-12-26 01:21 . 2004-10-20 12:08 341,064 --a------ c:\windows\system32\mcinsctl.dll


2008-12-26 01:21 . 2004-10-20 12:08 279,624 --a------ c:\windows\system32\mcgdmgr.dll


2008-12-26 01:21 . 2008-12-26 01:21 0 --a------ c:\windows\system32\eMachines_W3050_Versionxx_CA74C10006533.MRK


2008-12-26 01:20 . 2008-12-26 01:20 <DIR> d-------- c:\windows\Downloaded Installations


2008-12-26 01:20 . 2008-12-26 01:20 <DIR> d-------- c:\program files\Digital Media Reader


2008-12-26 01:19 . 2003-03-25 08:00 67,072 --a------ c:\windows\POWERCFG.EXE


2008-12-26 01:19 . 2004-09-03 19:07 20,480 --a------ c:\windows\system32\Marker32.exe


2008-12-26 01:18 . 2008-12-26 01:18 <DIR> d-------- c:\program files\CyberLink


2008-12-26 01:18 . 2008-12-26 01:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\CyberLink


2008-12-26 01:17 . 2008-12-26 01:17 <DIR> d-------- c:\program files\Microsoft Works


2008-12-26 01:16 . 2008-12-26 01:16 <DIR> d-------- c:\windows\occache


2008-12-26 01:16 . 2008-12-26 01:16 <DIR> d-------- c:\program files\Viewpoint


2008-12-26 01:16 . 2008-12-26 01:16 <DIR> d-------- c:\program files\Pure Networks


2008-12-26 01:16 . 2008-12-26 01:16 <DIR> d-------- c:\program files\Learn2.com


2008-12-26 01:16 . 2008-12-26 01:16 <DIR> d-------- c:\program files\Common Files\Ahead


2008-12-26 01:16 . 2008-12-26 01:16 <DIR> d-------- c:\program files\BigFix


2008-12-26 01:16 . 2008-12-26 01:16 <DIR> d-------- c:\program files\AOL Companion


2008-12-26 01:16 . 2008-12-26 01:16 <DIR> d-------- c:\program files\Ahead


2008-12-26 01:16 . 2008-12-26 01:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\Viewpoint


2008-12-26 01:16 . 2008-12-26 01:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\Pure Networks


2008-12-26 01:15 . 2008-12-26 01:15 <DIR> d-------- c:\windows\system32\QuickTime


2008-12-26 01:15 . 2008-12-26 01:15 <DIR> d-------- c:\program files\Real


2008-12-26 01:15 . 2008-12-26 01:15 <DIR> d-------- c:\program files\QuickTime


2008-12-26 01:15 . 2008-12-26 01:15 <DIR> d-------- c:\program files\Common Files\Real


2008-12-26 01:15 . 2008-12-26 01:15 <DIR> d-------- c:\program files\Common Files\Nullsoft


2008-12-26 01:15 . 2008-12-26 01:16 <DIR> d-------- c:\program files\Common Files\aolshare


2008-12-26 01:15 . 2008-12-26 01:16 <DIR> d-------- c:\program files\AOL Toolbar


2008-12-26 01:15 . 2008-12-26 01:16 <DIR> d-------- c:\program files\America Online 9.0


2008-12-26 01:15 . 2008-12-26 01:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\QuickTime


2008-12-26 01:15 . 2008-12-26 01:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\AOL


2008-12-26 01:14 . 2008-12-26 01:14 <DIR> d-------- c:\windows\system32\URTTemp


2008-12-26 01:14 . 2008-12-26 01:16 <DIR> d-------- c:\program files\Common Files\AOL


2008-12-26 01:14 . 2008-12-26 01:16 837 --ah----- C:\IPH.PH


2008-12-26 01:14 . 2008-12-26 01:14 335 --a------ c:\windows\nsreg.dat


2008-12-26 01:13 . 2008-12-26 01:13 <DIR> d-------- c:\program files\MSN Encarta Plus


2008-12-26 01:13 . 2008-12-26 01:14 <DIR> d-------- c:\program files\Microsoft Money


2008-12-26 01:12 . 2008-12-26 01:12 <DIR> d-------- c:\program files\NVIDIA Corporation


2008-12-26 01:12 . 2008-12-26 01:18 <DIR> d--h----- c:\program files\InstallShield Installation Information


2008-12-26 01:12 . 2008-12-26 01:12 <DIR> d-------- c:\program files\Common Files\NVIDIA Shared


2008-12-26 01:11 . 2008-12-26 01:20 <DIR> d-------- c:\program files\Common Files\InstallShield


2008-12-26 01:10 . 2008-12-25 23:36 <DIR> d-------- c:\program files\Java


2008-12-26 01:10 . 2008-12-26 01:10 <DIR> d-------- c:\program files\Common Files\New Boundary


2008-12-26 01:10 . 2008-12-26 01:10 <DIR> d-------- c:\program files\Common Files\Java


2008-12-26 01:10 . 2008-12-26 01:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\Prism Deploy


2008-12-26 01:07 . 2008-12-26 01:19 <DIR> d-------- c:\program files\Norton AntiVirus


2008-12-26 01:06 . 2008-12-26 01:07 <DIR> d-------- c:\program files\Symantec


2008-12-26 01:06 . 2008-12-26 00:16 <DIR> d-------- c:\program files\Common Files\Symantec Shared


2008-12-26 01:06 . 2008-12-26 01:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\Symantec


2008-12-26 01:06 . 2004-08-09 13:59 103,952 --a------ c:\windows\system32\drivers\SYMEVENT.SYS


2008-12-26 01:06 . 2004-08-09 13:59 83,168 --a------ c:\windows\system32\S32EVNT1.DLL


2008-12-26 01:06 . 2004-08-04 03:56 21,504 --a------ c:\windows\system32\hidserv.dll


2008-12-26 01:06 . 2004-08-04 01:58 14,848 --a------ c:\windows\system32\drivers\kbdhid.sys


2008-12-26 01:05 . 2008-12-26 01:05 <DIR> d-------- c:\program files\CONEXANT


2008-12-26 01:05 . 2004-08-04 02:08 31,616 --a------ c:\windows\system32\drivers\usbccgp.sys


2008-12-26 01:05 . 2004-08-04 02:01 25,856 --a------ c:\windows\system32\drivers\usbprint.sys


2008-12-26 01:05 . 2001-08-17 16:48 12,160 --a------ c:\windows\system32\drivers\mouhid.sys


2008-12-26 01:05 . 2001-08-17 17:02 9,600 --a------ c:\windows\system32\drivers\hidusb.sys


2008-12-26 01:04 . 2004-08-04 02:08 26,624 --a------ c:\windows\system32\drivers\usbehci.sys


2008-12-26 01:04 . 2004-08-04 02:08 17,024 --a------ c:\windows\system32\drivers\usbohci.sys


2008-12-26 01:04 . 2004-08-04 03:56 7,168 --a------ c:\windows\system32\hccoin.dll


2008-12-26 00:54 . 2008-12-26 00:54 <DIR> d-------- c:\documents and settings\Owner\Application Data\Template


2008-12-26 00:54 . 2005-08-02 17:45 1,552 -ra------ c:\windows\system32\lxce.loc


2008-12-26 00:54 . 2008-12-26 00:54 0 --a------ c:\documents and settings\Owner\Application Data\wklnhst.dat


2008-12-26 00:52 . 2008-12-26 01:06 <DIR> d-------- c:\temp\{9F5FBC24-EFE2-4f90-B498-EC0FB7D47D15}


2008-12-26 00:52 . 2008-12-26 00:53 <DIR> d-------- c:\program files\Lexmark 4300 Series


2008-12-26 00:52 . 2005-02-23 10:48 1,267,333 --a------ c:\windows\system32\lxcehelp.hlp


2008-12-26 00:52 . 2005-02-23 05:33 983,091 --a------ c:\windows\system32\lxcegf.dll


2008-12-26 00:52 . 2005-07-28 03:24 172,032 --a------ c:\windows\system32\lxceinsb.dll


2008-12-26 00:52 . 2005-07-28 03:24 131,072 --a------ c:\windows\system32\lxceins.dll


2008-12-26 00:52 . 2005-07-28 03:25 98,304 --a------ c:\windows\system32\lxceinsr.dll


2008-12-26 00:52 . 2005-07-28 03:24 86,016 --a------ c:\windows\system32\lxcecub.dll


2008-12-26 00:52 . 2005-07-28 03:24 73,728 --a------ c:\windows\system32\lxcecu.dll


2008-12-26 00:52 . 2005-07-28 03:25 36,864 --a------ c:\windows\system32\lxcecur.dll


2008-12-26 00:52 . 2005-01-13 06:52 7,720 --a------ c:\windows\system32\lxcehelp.cnt


2008-12-26 00:52 . 2008-12-26 00:55 1,125 --a------ C:\LXCEINST.csv


2008-12-26 00:52 . 2008-12-26 00:52 0 --a------ C:\lxcefire.csv


2008-12-26 00:46 . 2008-12-26 01:06 <DIR> d-------- c:\windows\SMINST


2008-12-26 00:46 . 2008-12-26 01:06 <DIR> d-------- c:\windows\creator


2008-12-26 00:46 . 2008-12-26 01:02 <DIR> d-------- c:\windows\CACHE


2008-12-26 00:46 . 2008-12-26 00:52 <DIR> dr------- C:\Program Files


2008-12-26 00:46 . 2008-12-26 01:15 <DIR> dr------- c:\documents and settings\All Users\Documents


2008-12-26 00:46 . 2004-06-17 15:55 1,041,536 --a------ c:\windows\system32\drivers\HSF_DP.sys


2008-12-26 00:46 . 2004-06-17 15:55 685,056 --a------ c:\windows\system32\drivers\HSF_CNXT.sys


2008-12-26 00:46 . 2004-06-17 15:56 220,032 --a------ c:\windows\system32\drivers\HSFHWBS2.sys


2008-12-26 00:46 . 2004-06-17 15:30 129,045 --a------ c:\windows\system32\drivers\HSFProf.cty


2008-12-26 00:46 . 2004-03-17 12:00 86,016 --a------ c:\windows\system32\mdmxsdk.dll


2008-12-26 00:46 . 2004-08-04 15:34 39,018 --a------ c:\windows\system32\HSFCI011.dll


2008-12-26 00:46 . 2004-03-17 12:04 13,059 --a------ c:\windows\system32\drivers\mdmxsdk.sys


2008-12-26 00:46 . 2008-12-26 00:46 60 --a------ c:\windows\system32\SYSDRV.DAT


2008-12-26 00:43 . 2008-12-26 00:53 <DIR> dr-hsc--- c:\windows\system32\dllcache


2008-12-25 23:49 . 2008-12-26 00:24 <DIR> d-------- c:\program files\Spyware Doctor


2008-12-25 23:49 . 2008-12-25 23:49 <DIR> d-------- c:\documents and settings\Owner\Application Data\PC Tools


2008-12-25 23:49 . 2008-12-26 01:01 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP


2008-12-25 23:49 . 2008-12-26 00:23 81,288 --a------ c:\windows\system32\drivers\iksyssec.sys


2008-12-25 23:49 . 2008-12-26 00:23 66,952 --a------ c:\windows\system32\drivers\iksysflt.sys


2008-12-25 23:49 . 2008-12-26 00:23 40,840 --a------ c:\windows\system32\drivers\ikfilesec.sys


2008-12-25 23:49 . 2008-06-02 15:19 29,576 --a------ c:\windows\system32\drivers\kcom.sys


2008-12-25 23:48 . 2008-12-25 23:48 <DIR> d-------- c:\program files\Common Files\Download Manager


2008-12-25 23:47 . 2008-12-25 23:47 <DIR> d-------- c:\program files\Lavasoft


2008-12-25 23:47 . 2008-12-25 23:47 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard


2008-12-25 23:47 . 2008-12-25 23:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft


2008-12-25 23:40 . 2008-12-25 23:40 1,603,449 ---hs---- c:\windows\system32\elonidiw.ini


2008-12-25 23:36 . 2008-12-25 23:36 <DIR> d-------- c:\documents and settings\Owner\Application Data\Yahoo!


2008-12-25 23:36 . 2008-12-25 23:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion


2008-12-25 23:36 . 2008-12-25 23:36 410,984 --a------ c:\windows\system32\deploytk.dll


2008-12-25 23:36 . 2008-12-25 23:36 73,728 --a------ c:\windows\system32\javacpl.cpl


2008-12-25 23:35 . 2008-12-25 23:36 <DIR> d-------- c:\program files\Yahoo!


2008-12-25 23:35 . 2008-12-25 23:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo!


2008-12-25 23:32 . 2008-12-25 23:32 <DIR> d-------- c:\program files\uTorrent


2008-12-25 23:32 . 2008-12-26 00:07 <DIR> d-------- c:\documents and settings\Owner\Application Data\uTorrent


.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))


.


2008-12-26 06:15 8,552 ----a-w c:\windows\system32\drivers\asctrm.sys


.


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


.


.


*Note* empty entries & legit default entries are not shown


REGEDIT4


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]


2008-07-28 05:47 160496 --a------ c:\progra~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]


"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]


"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-11-05 4347120]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]


"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]


"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-08-13 58488]


"SSC_UserPrompt"="c:\program files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [2004-08-05 218240]


"NAV CfgWiz"="c:\program files\Norton AntiVirus\CfgWiz.exe" [2004-08-17 132248]


"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-07-12 4112384]


"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-07-12 81920]


"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 131072]


"AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-03-19 78960]


"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]


"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]


"SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-10-18 135168]


"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2004-08-17 245760]


"MCUpdateExe"="c:\progra~1\mcafee.com\agent\mcupdate.exe" [2004-10-02 184320]


"_AntiSpyware"="c:\program files\McAfee\McAfee AntiSpyware\MssCli.exe" [2004-10-19 114688]


"jujewefuma"="c:\windows\system32\rejufopa.dll" [2008-09-25 60928]


"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-25 136600]


"nwiz"="nwiz.exe" [2004-07-12 c:\windows\system32\nwiz.exe]


c:\documents and settings\All Users\Start Menu\Programs\Startup\


BigFix.lnk - c:\program files\BigFix\BigFix.exe [2008-12-26 1742384]


[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]


"{F2A0229A-C4CA-4789-B606-973D24DCDD1C}"= "c:\program files\McAfee\McAfee AntiSpyware\MssShell.dll" [2004-10-19 86016]


[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]


Notification Packages REG_MULTI_SZ scecli c:\windows\system32\sakalimo.dll


[HKEY_LOCAL_MACHINE\software\microsoft\security center]


"UpdatesDisableNotify"=dword:00000001


[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]


"DisableMonitoring"=dword:00000001


[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]


"DisableMonitoring"=dword:00000001


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]


"%windir%\\system32\\sessmgr.exe"=


"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=


"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=


"c:\\Program Files\\America Online 9.0\\waol.exe"=


"c:\\Program Files\\uTorrent\\uTorrent.exe"=


"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=


"c:\\Program Files\\Java\\jre6\\bin\\jusched.exe"=


"c:\\WINDOWS\\system32\\rundll32.exe"=


R3 IPN2120;Wireless-B PCI Adapter Driver;c:\windows\system32\DRIVERS\LSIPNDS.sys [2008-12-26 96256]


S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-12-25 356920]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D30E61EF-1947-476D-396B-417E2F088C78}]


c:\windows\system32:winup32.exe


.


Contents of the 'Scheduled Tasks' folder


2008-12-26 c:\windows\Tasks\ISP signup reminder 1.job


- c:\windows\system32\OOBE\oobebaln.exe [2004-08-04 14:00]


2008-12-26 c:\windows\Tasks\ISP signup reminder 2.job


- c:\windows\system32\OOBE\oobebaln.exe [2004-08-04 14:00]


2008-12-26 c:\windows\Tasks\ISP signup reminder 3.job


- c:\windows\system32\OOBE\oobebaln.exe [2004-08-04 14:00]


2008-12-26 c:\windows\Tasks\McAfee AntiSpyware.job


- c:\progra~1\McAfee\MCAFEE~1\McSpy.exe [2004-10-19 04:00]


2008-12-26 c:\windows\Tasks\McAfee AntiSpyware.job


- c:\progra~1\McAfee\MCAFEE~1 [2008-12-26 01:21]


2008-12-26 c:\windows\Tasks\McAfee.com Update Check (YOUR-F343DF5173-Owner).job


- c:\progra~1\mcafee.com\agent\mcupdate.exe [2004-10-02 19:34]


2008-12-26 c:\windows\Tasks\McAfee.com Update Check (YOUR-F343DF5173-Owner).job


- c:\progra~1\mcafee.com\agent [2008-12-26 01:21]


2008-12-26 c:\windows\Tasks\Symantec NetDetect.job


- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-07-19 20:26]


.


- - - - ORPHANS REMOVED - - - -


BHO-{e348c788-f57b-4bd0-bb63-56b3c17e7fd5} - c:\windows\system32\kewevuro.dll


WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)


HKLM-Run-Windows/winup32 - c:\windows\system32:winup32.exe


.


------- Supplementary Scan -------


.


uStart Page = hxxp://www.yahoo.com/


mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html


uInternet Connection Wizard,ShellNext = hxxp://www.emachines.com/


uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com


O16 -: {C932BA85-4374-101B-A56C-00AA003668DC}


FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\erhmgqnz.default\


FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll


FF - plugin: c:\program files\Yahoo!\Shared\npYState.dll


.


**************************************************************************


catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net


Rootkit scan 2008-12-26 01:07:00


Windows 5.1.2600 Service Pack 2 NTFS


scanning hidden processes ...


scanning hidden autostart entries ...


HKLM\Software\Microsoft\Windows\CurrentVersion\Run


Windows/winup32 = c:\windows\system32:winup32.exe???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????


scanning hidden files ...


c:\windows\system32:winup32.exe 53248 bytes executable


scan completed successfully


hidden files: 1


**************************************************************************


.


------------------------ Other Running Processes ------------------------


.


c:\program files\Common Files\Symantec Shared\ccSetMgr.exe


c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe


c:\program files\Lavasoft\Ad-Aware\aawservice.exe


c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe


c:\windows\system32\rundll32.exe


c:\program files\Internet Explorer\IEXPLORE.EXE


c:\program files\Java\jre6\bin\jqs.exe


c:\program files\McAfee\McAfee AntiSpyware\Msssrv.exe


c:\program files\Norton AntiVirus\navapsvc.exe


c:\program files\Norton AntiVirus\IWP\NPFMntor.exe


c:\windows\system32\nvsvc32.exe


c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS


c:\windows\system32\rundll32.exe


c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe


.


**************************************************************************


.


Completion time: 2008-12-26 1:09:35 - machine was rebooted


ComboFix-quarantined-files.txt 2008-12-26 06:09:32


Pre-Run: 71,465,086,976 bytes free


Post-Run: 71,459,741,696 bytes free


WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe


[boot loader]


timeout=2


default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS


[operating systems]


c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons


multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect



Comments

  • @ conspiracy23


    I don't see Bitdefender in your log.


    Download Malwarebytes' Anti-malware from here:


    http://www.malwarebytes.org/mbam/program/mbam-setup.exe


    Once the download is complete, run the install program, and accept all of the default options. Make sure that the options to Update and Launch the software are checked when you click Finish.


    Now, let's make sure that it has all of the latest anti-spyware definitions: click on the Update tab and click the Check for Updates button.


    After the updates have been loaded, click on the Scanner tab and choose the Perform Complete Scan option, then click the Scan button.


    When the scan is complete, it will show you all of the potentially harmful files on your computer - click the button to remove them automatically.


    Paste the scan log here. :)