Still Infected...

I scanned my computer and it said I'm still not virus free. Here's the log that listed still remaining issues:


Remaining issues:
Object Name    Threat Name    Final Status

[system]=]HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\PERFS\ImagePath=]C:\WINDOWS\SYSTEM32\PERFS.EXE Trojan.Agent.CHB Infected
[system]=]C:\WINDOWS\system32\perfs.exe (memory dump) Trojan.Agent.CHB Disinfect Failed
[system]=]C:\WINDOWS\system32\perfs.exe (disk) Trojan.Agent.CHB Disinfect Failed
[system]=]C:\WINDOWS\system32\perfs.exe (full dump) Trojan.Agent.CHB Disinfect Failed
[system]=]HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MABIDWE\ImagePath=]C:\WINDOWS\SYSTEM32\MABIDWE.EXE Trojan.Refpron.A Infected
[system]=]HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MACIDWE\ImagePath=]C:\WINDOWS\SYSTEM32\MACIDWE.EXE Trojan.Refpron.A Infected
[system]=]HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\NOXTCYR\ImagePath=]C:\WINDOWS\SYSTEM32\NOXTCYR.EXE Trojan.Refpron.A Infected
[system]=]HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\NOYTCYR\ImagePath=]C:\WINDOWS\SYSTEM32\NOYTCYR.EXE Trojan.Refpron.A Infected
[system]=]HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\ROXTCTM\ImagePath=]C:\WINDOWS\SYSTEM32\ROXTCTM.EXE Trojan.Refpron.A Infected
[system]=]HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\ROYTCTM\ImagePath=]C:\WINDOWS\SYSTEM32\ROYTCTM.EXE Trojan.Refpron.A Infected
[system]=]HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SOTPECA\ImagePath=]C:\WINDOWS\SYSTEM32\SOTPECA.EXE Trojan.Refpron.A Infected
[system]=]HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SOXPECA\ImagePath=]C:\WINDOWS\SYSTEM32\SOXPECA.EXE Trojan.Refpron.A Infected
[system]=]HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\TDXDOWKC\ImagePath=]C:\WINDOWS\SYSTEM32\TDXDOWKC.EXE Trojan.Refpron.A Infected
[system]=]HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\TDYDOWKC\ImagePath=]C:\WINDOWS\SYSTEM32\TDYDOWKC.EXE Trojan.Refpron.A Infected
[system]=]HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WSLDOEKD\ImagePath=]C:\WINDOWS\SYSTEM32\WSLDOEKD.EXE Trojan.Refpron.A Infected
[system]=]C:\WINDOWS\system32\mabidwe.exe (memory dump) Trojan.Refpron.A Disinfect Failed
[system]=]C:\WINDOWS\system32\mabidwe.exe (disk) Trojan.Refpron.A Disinfect Failed
[system]=]C:\WINDOWS\system32\mabidwe.exe (full dump) Trojan.Refpron.A Disinfect Failed
[system]=]C:\WINDOWS\system32\macidwe.exe (memory dump) Trojan.Refpron.A Disinfect Failed
[system]=]C:\WINDOWS\system32\macidwe.exe (disk) Trojan.Refpron.A Disinfect Failed
[system]=]C:\WINDOWS\system32\macidwe.exe (full dump) Trojan.Refpron.A Disinfect Failed
[system]=]C:\WINDOWS\system32\noxtcyr.exe (memory dump) Trojan.Refpron.A Disinfect Failed
[system]=]C:\WINDOWS\system32\noxtcyr.exe (disk) Trojan.Refpron.A Disinfect Failed
[system]=]C:\WINDOWS\system32\noxtcyr.exe (full dump) Trojan.Refpron.A Disinfect Failed
[system]=]C:\WINDOWS\system32\noytcyr.exe (memory dump) Trojan.Refpron.A Disinfect Failed
[system]=]C:\WINDOWS\system32\noytcyr.exe (disk) Trojan.Refpron.A Disinfect Failed
[system]=]C:\WINDOWS\system32\noytcyr.exe (full dump) Trojan.Refpron.A Disinfect Failed
[system]=]C:\WINDOWS\system32\roxtctm.exe (memory dump) Trojan.Refpron.A Disinfect Failed
[system]=]C:\WINDOWS\system32\roxtctm.exe (disk) Trojan.Refpron.A Disinfect Failed
[system]=]C:\WINDOWS\system32\roxtctm.exe (full dump) Trojan.Refpron.A Disinfect Failed
[system]=]C:\WINDOWS\system32\roytctm.exe (memory dump) Trojan.Refpron.A Disinfect Failed
[system]=]C:\WINDOWS\system32\roytctm.exe (disk) Trojan.Refpron.A Disinfect Failed
[system]=]C:\WINDOWS\system32\roytctm.exe (full dump) Trojan.Refpron.A Disinfect Failed
[system]=]C:\WINDOWS\system32\sotpeca.exe (memory dump) Trojan.Refpron.A Disinfect Failed
[system]=]C:\WINDOWS\system32\sotpeca.exe (disk) Trojan.Refpron.A Disinfect Failed
[system]=]C:\WINDOWS\system32\sotpeca.exe (full dump) Trojan.Refpron.A Disinfect Failed
[system]=]C:\WINDOWS\system32\soxpeca.exe (memory dump) Trojan.Refpron.A Disinfect Failed
[system]=]C:\WINDOWS\system32\soxpeca.exe (disk) Trojan.Refpron.A Disinfect Failed
[system]=]C:\WINDOWS\system32\soxpeca.exe (full dump) Trojan.Refpron.A Disinfect Failed
[system]=]C:\WINDOWS\system32\tdxdowkc.exe (memory dump) Trojan.Refpron.A Disinfect Failed
[system]=]C:\WINDOWS\system32\tdxdowkc.exe (disk) Trojan.Refpron.A Disinfect Failed
[system]=]C:\WINDOWS\system32\tdxdowkc.exe (full dump) Trojan.Refpron.A Disinfect Failed
[system]=]C:\WINDOWS\system32\tdydowkc.exe (memory dump) Trojan.Refpron.A Disinfect Failed
[system]=]C:\WINDOWS\system32\tdydowkc.exe (disk) Trojan.Refpron.A Disinfect Failed
[system]=]C:\WINDOWS\system32\tdydowkc.exe (full dump) Trojan.Refpron.A Disinfect Failed
[system]=]C:\WINDOWS\system32\wsldoekd.exe (memory dump) Trojan.Refpron.A Disinfect Failed
[system]=]C:\WINDOWS\system32\wsldoekd.exe (disk) Trojan.Refpron.A Disinfect Failed
[system]=]C:\WINDOWS\system32\wsldoekd.exe (full dump) Trojan.Refpron.A Disinfect Failed


Any advice to get rid of these would be greatly appreciated. Thank you!

Comments

  • Bitdefender failed to remove these, am I correct?

  • Yes, that's correct. I scanned and tried to quarantine, but it would not let me. I tried deleting them, still would not let me. Had no choice but to leave them alone.

  • rootkit ✭✭✭ (edited October 2008)

    Download: http://subs.geekstogo.com/ComboFix.exe and save it on your Desktop.

    Open Notepad and copy/paste the text in the quotebox below into it:

    File::
    C:\WINDOWS\system32\perfs.exe
    C:\WINDOWS\SYSTEM32\MABIDWE.EXE
    C:\WINDOWS\SYSTEM32\MACIDWE.EXE
    C:\WINDOWS\SYSTEM32\NOXTCYR.EXE
    C:\WINDOWS\SYSTEM32\NOYTCYR.EXE
    C:\WINDOWS\SYSTEM32\ROXTCTM.EXE
    C:\WINDOWS\SYSTEM32\ROYTCTM.EXE
    C:\WINDOWS\SYSTEM32\SOTPECA.EXE
    C:\WINDOWS\SYSTEM32\SOXPECA.EXE
    C:\WINDOWS\SYSTEM32\TDXDOWKC.EXE
    C:\WINDOWS\SYSTEM32\TDYDOWKC.EXE
    C:\WINDOWS\SYSTEM32\WSLDOEKD.EXE

    Save this as:
    CFScript.txt

    Drag CFScript.txt into ComboFix.exe

    [image: CFScript.gif]

    Then post the resultant log here.
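
An added example, not part of the thread and not BitDefender's or ComboFix's code: a short Python script that parses the "Remaining issues" lines from the first post, correlates each `Services\<name>\ImagePath` entry with the file lines where disinfection failed, and writes out a `File::` block in the form used in the CFScript post above. The embedded log excerpt is copied from the first post (three of the twelve binaries); the status vocabulary in the regular expression and the case-insensitive de-duplication rule (the registry spells the path in upper case, the file lines in lower case) are this example's own assumptions.

```python
"""Correlate a BitDefender 'Remaining issues' list and build a ComboFix CFScript.

Added example for the thread above: the log excerpt is copied from the first
post; the parser, the correlation and the File:: generation are this example's
own, not BitDefender's or ComboFix's code.
"""
import re

# Excerpt of the posted 'Remaining issues' lines (three of the twelve binaries).
SAMPLE_LOG = r"""
[system]=]HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\PERFS\ImagePath=]C:\WINDOWS\SYSTEM32\PERFS.EXE Trojan.Agent.CHB Infected
[system]=]C:\WINDOWS\system32\perfs.exe (memory dump) Trojan.Agent.CHB Disinfect Failed
[system]=]C:\WINDOWS\system32\perfs.exe (disk) Trojan.Agent.CHB Disinfect Failed
[system]=]C:\WINDOWS\system32\perfs.exe (full dump) Trojan.Agent.CHB Disinfect Failed
[system]=]HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MABIDWE\ImagePath=]C:\WINDOWS\SYSTEM32\MABIDWE.EXE Trojan.Refpron.A Infected
[system]=]C:\WINDOWS\system32\mabidwe.exe (memory dump) Trojan.Refpron.A Disinfect Failed
[system]=]C:\WINDOWS\system32\mabidwe.exe (disk) Trojan.Refpron.A Disinfect Failed
[system]=]C:\WINDOWS\system32\mabidwe.exe (full dump) Trojan.Refpron.A Disinfect Failed
[system]=]HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\NOXTCYR\ImagePath=]C:\WINDOWS\SYSTEM32\NOXTCYR.EXE Trojan.Refpron.A Infected
[system]=]C:\WINDOWS\system32\noxtcyr.exe (disk) Trojan.Refpron.A Disinfect Failed
"""

# One log line: '[scope]=]<object> <threat name> <final status>'.  The status
# vocabulary is an assumption covering the values seen in the post plus common
# BitDefender outcomes; the object itself may contain '=]' and spaces, so the
# line is anchored at both ends and the object matched lazily.
LINE_RE = re.compile(
    r"^\[(?P<scope>\w+)\]=\](?P<object>.+?)\s+(?P<threat>\S+)\s+"
    r"(?P<status>Infected|Disinfect Failed|Disinfected|Deleted|Quarantined)$"
)
# File objects carry the scan view in parentheses.
FILE_RE = re.compile(r"^(?P<path>.+?)\s+\((?P<view>memory dump|disk|full dump)\)$")


def parse_remaining_issues(text):
    """Return (services, files).

    services: service name -> {image, threat, status} from ImagePath entries
    files:    lower-cased path -> {path, threat, views: {view: status}}
    """
    services, files = {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError("unrecognised log line: " + line)
        obj, threat, status = m.group("object", "threat", "status")
        if obj.upper().startswith("HKEY_") and "=]" in obj:
            key, _, value = obj.partition("=]")
            parts = key.upper().split("\\")
            if "SERVICES" in parts and parts[-1] == "IMAGEPATH":
                name = parts[parts.index("SERVICES") + 1]
                services[name] = {"image": value, "threat": threat, "status": status}
            continue
        fm = FILE_RE.match(obj)
        if fm:
            path = fm.group("path")
            entry = files.setdefault(path.lower(), {"path": path, "threat": threat, "views": {}})
            entry["views"][fm.group("view")] = status
    return services, files


def correlate(services, files):
    """For each service persistence entry, list the scan views in which its
    binary could not be disinfected.  A 'memory dump' hit means the scanner saw
    the code inside a running process; a file backing a running service cannot
    be replaced in place, which is consistent with the 'disk' failure."""
    report = []
    for name, svc in sorted(services.items()):
        binary = files.get(svc["image"].lower(), {"views": {}})
        failed = sorted(v for v, s in binary["views"].items() if s == "Disinfect Failed")
        report.append({"service": name, "image": svc["image"],
                       "threat": svc["threat"], "failed_views": failed})
    return report


def build_cfscript(services, files):
    """Emit the File:: block in the form posted in the thread: one path per
    line, de-duplicated case-insensitively, keeping the registry spelling."""
    seen, paths = set(), []
    for svc in services.values():
        if svc["image"].lower() not in seen:
            seen.add(svc["image"].lower())
            paths.append(svc["image"])
    for key, entry in files.items():
        if key not in seen and "Disinfect Failed" in entry["views"].values():
            seen.add(key)
            paths.append(entry["path"])
    return "File::\n" + "\n".join(paths) + "\n"


if __name__ == "__main__":
    svcs, fls = parse_remaining_issues(SAMPLE_LOG)
    for row in correlate(svcs, fls):
        views = ", ".join(row["failed_views"]) or "none"
        print(f"{row['service']:<10} {row['threat']:<18} disinfect failed in: {views}")
    print(build_cfscript(svcs, fls))
```

Run against the full list from the first post, `correlate` shows the pattern an analyst looks for: every one of the twelve service names has an `ImagePath` pointing at a same-named binary in `system32`, and each binary fails disinfection on disk and in memory at once, which is why an on-demand scan keeps reporting them and why the thread moves to a tool that removes files outside the running system.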

  • Strangely, when I scanned again, all the previous viruses that it detected are gone. I tried doing what you said with the ComboFix but it doesn't do anything. So does that mean the viruses are gone? Or are they just hiding very well? Haha.

  • rootkit ✭✭✭

    I want to see Combofix scan log :)

  • I want to see Combofix scan log :)

    I tried what you told me, but when I did, it didn't do anything. =/

  • Weird. I tried it again and it worked. Here is the scan log.

    ComboFix 08-10-12.01 - SBT 2008-10-13 10:51:34.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.359 [GMT -7:00]
    Running from: C:\Documents and Settings\SBT\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\SBT\Desktop\CFScript.txt
    * Created a new restore point
    * Resident AV is active
    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::
    C:\WINDOWS\SYSTEM32\MABIDWE.EXE
    C:\WINDOWS\SYSTEM32\MACIDWE.EXE
    C:\WINDOWS\SYSTEM32\NOXTCYR.EXE
    C:\WINDOWS\SYSTEM32\NOYTCYR.EXE
    C:\WINDOWS\system32\perfs.exe
    C:\WINDOWS\SYSTEM32\ROXTCTM.EXE
    C:\WINDOWS\SYSTEM32\ROYTCTM.EXE
    C:\WINDOWS\SYSTEM32\SOTPECA.EXE
    C:\WINDOWS\SYSTEM32\SOXPECA.EXE
    C:\WINDOWS\SYSTEM32\TDXDOWKC.EXE
    C:\WINDOWS\SYSTEM32\TDYDOWKC.EXE
    C:\WINDOWS\SYSTEM32\WSLDOEKD.EXE
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    C:\WINDOWS\Downloaded Program Files\MyWebEx
    C:\WINDOWS\Downloaded Program Files\MyWebEx\319\aasetup.dll
    C:\WINDOWS\Downloaded Program Files\MyWebEx\319\atagtctl.exe
    C:\WINDOWS\Downloaded Program Files\MyWebEx\319\atarm.dll
    C:\WINDOWS\Downloaded Program Files\MyWebEx\319\atas32.dll
    C:\WINDOWS\Downloaded Program Files\MyWebEx\319\ATAS9516.DLL
    C:\WINDOWS\Downloaded Program Files\MyWebEx\319\atas9532.dll
    C:\WINDOWS\Downloaded Program Files\MyWebEx\319\atasanot.exe
    C:\WINDOWS\Downloaded Program Files\MyWebEx\319\atasctrl.dll
    C:\WINDOWS\Downloaded Program Files\MyWebEx\319\ataudio.dll
    C:\WINDOWS\Downloaded Program Files\MyWebEx\319\atauthor.exe
    C:\WINDOWS\Downloaded Program Files\MyWebEx\319\atcarmcl.dll
    C:\WINDOWS\Downloaded Program Files\MyWebEx\319\atdl2006.dll
    C:\WINDOWS\Downloaded Program Files\MyWebEx\319\Ateditor.dll
    C:\WINDOWS\Downloaded Program Files\MyWebEx\319\atfsdos.vxd
    C:\WINDOWS\Downloaded Program Files\MyWebEx\319\atinet.dll
    C:\WINDOWS\Downloaded Program Files\MyWebEx\319\atjpeg60.dll
    C:\WINDOWS\Downloaded Program Files\MyWebEx\319\atkbctl.dll
    C:\WINDOWS\Downloaded Program Files\MyWebEx\319\atmemmgr.dll
    C:\WINDOWS\Downloaded Program Files\MyWebEx\319\atnetext.dll
    C:\WINDOWS\Downloaded Program Files\MyWebEx\319\atnthost.exe
    C:\WINDOWS\Downloaded Program Files\MyWebEx\319\atpack.dll
    C:\WINDOWS\Downloaded Program Files\MyWebEx\319\atpcap16.dll
    C:\WINDOWS\Downloaded Program Files\MyWebEx\319\atpcap95.dll
    C:\WINDOWS\Downloaded Program Files\MyWebEx\319\atpcapnt.dll
    C:\WINDOWS\Downloaded Program Files\MyWebEx\319\ATPDRVNT.dll
    C:\WINDOWS\Downloaded Program Files\MyWebEx\319\atplaykb.vxd
    C:\WINDOWS\Downloaded Program Files\MyWebEx\319\atpng12.dll
    C:\WINDOWS\Downloaded Program Files\MyWebEx\319\atprint.dll
    C:\WINDOWS\Downloaded Program Files\MyWebEx\319\atprint.gpd
    C:\WINDOWS\Downloaded Program Files\MyWebEx\319\atprtses.dll
    C:\WINDOWS\Downloaded Program Files\MyWebEx\319\ATRA9516.DLL
    C:\WINDOWS\Downloaded Program Files\MyWebEx\319\atrares.dll
    C:\WINDOWS\Downloaded Program Files\MyWebEx\319\Atrcp.dll
    C:\WINDOWS\Downloaded Program Files\MyWebEx\319\atrecply.dll
    C:\WINDOWS\Downloaded Program Files\MyWebEx\319\atres.dll
    C:\WINDOWS\Downloaded Program Files\MyWebEx\319\atrpui.dll
    C:\WINDOWS\Downloaded Program Files\MyWebEx\319\atscr.scr
    C:\WINDOWS\Downloaded Program Files\MyWebEx\319\atstmget.dll
    C:\WINDOWS\Downloaded Program Files\MyWebEx\319\attp.dll
    C:\WINDOWS\Downloaded Program Files\MyWebEx\319\atWbxUI5.dll
    C:\WINDOWS\Downloaded Program Files\MyWebEx\319\Install.ini
    C:\WINDOWS\Downloaded Program Files\MyWebEx\319\mwpc.ini
    C:\WINDOWS\Downloaded Program Files\MyWebEx\319\raagt.dll
    C:\WINDOWS\Downloaded Program Files\MyWebEx\319\raagtapp.exe
    C:\WINDOWS\Downloaded Program Files\MyWebEx\319\raagtx.exe
    C:\WINDOWS\Downloaded Program Files\MyWebEx\319\racfg.exe
    C:\WINDOWS\Downloaded Program Files\MyWebEx\319\rafilesp.dll
    C:\WINDOWS\Downloaded Program Files\MyWebEx\319\ramtmgr.dll
    C:\WINDOWS\Downloaded Program Files\MyWebEx\319\ratrace.dll
    C:\WINDOWS\Downloaded Program Files\MyWebEx\319\raupdate.exe
    C:\WINDOWS\Downloaded Program Files\MyWebEx\319\raurl.dll
    C:\WINDOWS\Downloaded Program Files\MyWebEx\319\stdnames.gpd
    C:\WINDOWS\Downloaded Program Files\MyWebEx\319\trace.txt
    C:\WINDOWS\Downloaded Program Files\MyWebEx\319\UILibRes.dll
    C:\WINDOWS\Downloaded Program Files\MyWebEx\319\unidrv.dll
    C:\WINDOWS\Downloaded Program Files\MyWebEx\319\unidrv.hlp
    C:\WINDOWS\Downloaded Program Files\MyWebEx\319\unidrvui.dll
    C:\WINDOWS\Downloaded Program Files\MyWebEx\319\unires.dll
    C:\WINDOWS\Downloaded Program Files\MyWebEx\319\wbxcrypt.dll
    C:\WINDOWS\Downloaded Program Files\MyWebEx\319\WbxDLDrv.exe
    C:\WINDOWS\Downloaded Program Files\MyWebEx\319\WbxDLInst.exe
    C:\WINDOWS\Downloaded Program Files\MyWebEx\319\WbxDLMgr.dll
    C:\WINDOWS\Downloaded Program Files\MyWebEx\319\webex_ball_32.ico
    C:\WINDOWS\Downloaded Program Files\MyWebEx\319\xstatus.log
    C:\WINDOWS\Downloaded Program Files\MyWebEx\394\atarm.dll
    C:\WINDOWS\Downloaded Program Files\MyWebEx\394\atas32.dll
    C:\WINDOWS\Downloaded Program Files\MyWebEx\394\atasanot.exe
    C:\WINDOWS\Downloaded Program Files\MyWebEx\394\atasctrl.dll
    C:\WINDOWS\Downloaded Program Files\MyWebEx\394\atcarmcl.dll
    C:\WINDOWS\Downloaded Program Files\MyWebEx\394\atdl2006.dll
    C:\WINDOWS\Downloaded Program Files\MyWebEx\394\atinet.dll
    C:\WINDOWS\Downloaded Program Files\MyWebEx\394\atjpeg60.dll
    C:\WINDOWS\Downloaded Program Files\MyWebEx\394\atkbctl.dll
    C:\WINDOWS\Downloaded Program Files\MyWebEx\394\atmemmgr.dll
    C:\WINDOWS\Downloaded Program Files\MyWebEx\394\atnetext.dll
    C:\WINDOWS\Downloaded Program Files\MyWebEx\394\atpack.dll
    C:\WINDOWS\Downloaded Program Files\MyWebEx\394\atpng12.dll
    C:\WINDOWS\Downloaded Program Files\MyWebEx\394\atprtses.dll
    C:\WINDOWS\Downloaded Program Files\MyWebEx\394\atrares.dll
    C:\WINDOWS\Downloaded Program Files\MyWebEx\394\atres.dll
    C:\WINDOWS\Downloaded Program Files\MyWebEx\394\attp.dll
    C:\WINDOWS\Downloaded Program Files\MyWebEx\394\atwbxui5.dll
    C:\WINDOWS\Downloaded Program Files\MyWebEx\394\rafilesp.dll
    C:\WINDOWS\Downloaded Program Files\MyWebEx\394\ramtmgr.dll
    C:\WINDOWS\Downloaded Program Files\MyWebEx\394\ratrace.dll
    C:\WINDOWS\Downloaded Program Files\MyWebEx\394\trace.txt
    C:\WINDOWS\Downloaded Program Files\MyWebEx\394\uilibres.dll
    C:\WINDOWS\Downloaded Program Files\MyWebEx\394\wbxcrypt.dll
    C:\WINDOWS\Downloaded Program Files\MyWebEx\394\WbxDLDrv.exe
    C:\WINDOWS\Downloaded Program Files\MyWebEx\394\WbxDLMgr.dll
    C:\WINDOWS\Install.txt
    C:\WINDOWS\system32\_000005_.tmp.dll
    C:\WINDOWS\system32\atsxyzd.sys
    C:\WINDOWS\system32\comsa32.sys
    C:\WINDOWS\system32\tpszxyd.sys

    ----- BITS: Possible infected sites -----
    hxxp://download.esd.intuit.com
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    -------\Legacy_AFISICX
    -------\Legacy_MABIDWE
    -------\Legacy_MACIDWE
    -------\Legacy_NOXTCYR
    -------\Legacy_NOYTCYR
    -------\Legacy_PERFS
    -------\Legacy_ROXTCTM
    -------\Legacy_ROYTCTM
    -------\Legacy_SOTPECA
    -------\Legacy_SOXPECA
    -------\Legacy_TDXDOWKC
    -------\Legacy_TDYDOWKC
    -------\Legacy_WSLDOEKD

    ((((((((((((((((((((((((( Files Created from 2008-09-13 to 2008-10-13 )))))))))))))))))))))))))))))))
    .
    2008-10-10 14:56 . 2008-10-10 14:56 <DIR> d-------- C:\ERDNT
    2008-10-08 22:46 . 2008-10-08 22:46 850 --a------ C:\WINDOWS\system32\ProductTweaks.xml
    2008-10-08 22:46 . 2008-10-08 22:46 385 --a------ C:\WINDOWS\system32\user_gensett.xml
    2008-10-08 13:49 . 2008-10-08 13:49 <DIR> d-------- C:\WINDOWS\system32\logs
    2008-10-08 13:49 . 2008-10-08 13:49 <DIR> d-------- C:\Documents and Settings\SBT\Application Data\BitDefender
    2008-10-08 13:48 . 2008-10-08 13:48 <DIR> d-------- C:\Program Files\BitDefender
    2008-10-08 13:48 . 2008-10-08 14:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
    2008-10-08 13:48 . 2008-10-08 13:48 <DIR> d-------- C:\Binaries
    2008-10-08 13:46 . 2008-10-08 13:48 <DIR> d-------- C:\Program Files\Common Files\BitDefender
    2008-10-06 10:45 . 2008-10-06 10:46 <DIR> d-------- C:\Documents and Settings\IUSER_Admin
    2008-09-13 12:36 . 2008-09-13 12:36 <DIR> d---s---- C:\Documents and Settings\QBDataServiceUser18\UserData
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-08 21:06 103,944 ----a-w C:\WINDOWS\system32\drivers\bdfndisf.sys
    2008-10-08 21:00 --------- d-----w C:\Program Files\Norton AntiVirus
    2008-10-08 21:00 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-10-08 21:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2008-10-08 20:36 --------- d-----w C:\Program Files\Symantec
    2008-09-24 22:44 --------- d-----w C:\Program Files\Common Files\Intuit
    2008-08-13 21:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
    2008-08-13 01:40 228,672 ----a-w C:\WINDOWS\system32\drivers\bdfsfltr.sys
    2008-08-13 01:40 108,864 ----a-w C:\WINDOWS\system32\drivers\bdfm.sys
    2008-07-19 05:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
    2008-07-19 05:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2008-07-19 05:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
    2008-07-19 05:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
    2008-07-19 05:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
    2008-07-19 05:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
    2008-07-19 05:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
    2008-07-19 05:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2006-06-22 98304]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2006-06-22 86016]
    "Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2006-06-22 81920]
    "HP Network Registry Agent"="C:\WINDOWS\system32\hpnra.exe" [2000-10-26 49152]
    "HP Status"="C:\WINDOWS\system32\hpstatus.exe" [2002-03-04 106496]
    "HP Proxy Server"="C:\Program Files\Hewlett-Packard\ProxyService\ProxyService.lnk" [2007-04-30 888]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 517768]
    "IntuitUpdater"="C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdater.exe" [2007-08-15 38176]
    "BDAgent"="C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe" [2008-10-08 716800]
    "BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe" [2008-08-10 69632]
    "SigmatelSysTrayApp"="sttray.exe" [2006-05-26 C:\WINDOWS\sttray.exe]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
    QuickBooks Database Server Manager.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBServerUtilityMgr.exe [2008-02-27 156960]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\JavaSoft\\JRE\\1.3.1\\bin\\javaw.exe"=
    "C:\\WINDOWS\\system32\\hpbspsvr.exe"=
    "C:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"=
    "C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\English\\setup.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    R2 BDVEDISK;BDVEDISK;C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys [2008-07-02 82568]
    R2 Intuit Entitlement Service v5;Intuit Entitlement Service v5;C:\Program Files\Common Files\Intuit\Entitlement Client\v5\Server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe [2008-01-29 20480]
    R2 IntuitUpdateService;Intuit Update Service;C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2007-08-15 20480]
    R2 QBPOSDBServiceV7;QBPOS Database Manager v7;C:\Program Files\Intuit\QuickBooks Point of Sale 7.0\DatabaseServer\QBPOSDBServiceV7.exe [2008-05-02 2616144]
    R2 QuickBooksDB17;QuickBooksDB17;C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe [2006-09-13 128536]
    R2 QuickBooksDB18;QuickBooksDB18;C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe [2006-09-13 128536]
    R3 bdfm;BDFM;C:\WINDOWS\system32\drivers\bdfm.sys [2008-08-12 108864]
    R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-10-08 103944]
    S2 atnthost;WebEx Remote Access Agent;C:\WINDOWS\Downlo~1\MyWebEx\319\atnthost.exe [ ]
    S3 Arrakis3;BitDefender Arrakis Server;C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bdx REG_MULTI_SZ scan
    .
    **************************************************************************
    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-13 11:02:25
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\WINDOWS\system32\hpb2ksrv.exe
    C:\WINDOWS\system32\hpbhksrv.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    C:\Program Files\JavaSoft\JRE\1.3.1\bin\javaw.exe
    C:\Program Files\Intuit\QuickBooks Point of Sale 7.0\DatabaseServer\QBDBMgrN.exe
    C:\WINDOWS\system32\stacsv.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    C:\WINDOWS\system32\hpbspsvr.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\hpbjdsnt.exe
    C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    .
    **************************************************************************
    .
    Completion time: 2008-10-13 11:06:04 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-10-13 18:05:56
    Pre-Run: 65,670,168,576 bytes free
    Post-Run: 66,165,612,544 bytes free
    255 --- E O F --- 2007-11-09 11:00:52
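
An added example, not part of the thread and not ComboFix's own tooling: a Python script that reads two excerpts of the log above (the "Other Deletions" list and the "Reg Loading Points" section) and returns the items an analyst would follow up after a run like this one: Security Center's antivirus notification suppressed (`AntiVirusDisableNotify=1`), the standard-profile firewall switched off (`EnableFirewall=0`), 3389/TCP in the globally open ports list, and the `S2 atnthost` service whose binary appears in the same log's deletion list, so that only an orphaned service entry remains. The excerpts are copied from the posted log; the reading of the `R`/`S` prefix and the digit as running/stopped and start type, the reading of empty brackets as "binary not found", and the 8.3 short-name matching (`Downlo~1` against `Downloaded Program Files`) are this example's assumptions.

```python
"""Flag follow-up items in a ComboFix log's 'Reg Loading Points' section.

Added example for the log posted above: the excerpts are copied from that
log; the checks, the R/S-prefix reading and the 8.3 short-name matching are
this example's own assumptions, not ComboFix's documentation.
"""
import re

# Excerpt of the log's 'Other Deletions' list.
OTHER_DELETIONS = r"""
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\atnthost.exe
C:\WINDOWS\system32\atsxyzd.sys
C:\WINDOWS\system32\comsa32.sys
C:\WINDOWS\system32\tpszxyd.sys
"""

# Excerpt of the log's 'Reg Loading Points' section.
REG_LOADING_POINTS = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R2 BDVEDISK;BDVEDISK;C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys [2008-07-02 82568]
R3 bdfm;BDFM;C:\WINDOWS\system32\drivers\bdfm.sys [2008-08-12 108864]
S2 atnthost;WebEx Remote Access Agent;C:\WINDOWS\Downlo~1\MyWebEx\319\atnthost.exe [ ]
S3 Arrakis3;BitDefender Arrakis Server;C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]
"""

VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')
# 'R2 name;display;path [date size]'.  Assumption: R/S = running/stopped, the
# digit = start type, and empty brackets mean the binary was not found.
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<stamp>[^\]]*)\]$"
)


def reg_int(value):
    """Read a value as ComboFix prints it: 'dword:00000001' or '0 (0x0)'."""
    value = value.strip()
    if value.lower().startswith("dword:"):
        return int(value[6:], 16)
    head = value.split()[0] if value else ""
    return int(head) if head.lstrip("-").isdigit() else None


def same_path(short_form, long_form):
    """Component-wise, case-insensitive path comparison in which an 8.3 name
    such as Downlo~1 matches a long name beginning with 'Downlo' (heuristic:
    short names cannot be expanded without the original file system)."""
    a, b = short_form.split("\\"), long_form.split("\\")
    if len(a) != len(b):
        return False
    for x, y in zip(a, b):
        if "~" in x:
            if not y.upper().replace(" ", "").startswith(x.split("~", 1)[0].upper()):
                return False
        elif x.upper() != y.upper():
            return False
    return True


def parse_services(reg_text):
    """Service/driver entries keyed by service name."""
    services = {}
    for line in reg_text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            services[m.group("name")] = {
                k: m.group(k).strip() for k in ("state", "start", "display", "path", "stamp")
            }
    return services


def review_loading_points(reg_text, deletions_text):
    """Return the findings an analyst would follow up, in log order."""
    deleted = [ln.strip() for ln in deletions_text.splitlines() if ln.strip()]
    findings, section = [], ""
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()      # current registry key
            continue
        vm = VALUE_RE.match(line)
        if not vm:
            continue
        name, value = vm.group("name"), vm.group("value")
        if "security center" in section and name == "AntiVirusDisableNotify" and reg_int(value) == 1:
            findings.append({"kind": "av_notify_disabled", "detail": name})
        elif "firewallpolicy" in section and name == "EnableFirewall" and reg_int(value) == 0:
            findings.append({"kind": "firewall_disabled", "detail": section.rsplit("\\", 1)[-1]})
        elif "globallyopenports" in section:
            findings.append({"kind": "open_port", "detail": name})
    for name, svc in parse_services(reg_text).items():
        if any(same_path(svc["path"], d) for d in deleted):
            findings.append({"kind": "orphaned_service", "detail": name})
        elif not svc["stamp"]:
            findings.append({"kind": "service_binary_missing", "detail": name})
    return findings


if __name__ == "__main__":
    for item in review_loading_points(REG_LOADING_POINTS, OTHER_DELETIONS):
        print(f"{item['kind']:<24} {item['detail']}")
```

The point of the cross-check is that a removal run is not finished when the files are gone: the `Drivers/Services` section shows the `Legacy_*` keys for the twelve service names being cleaned up, but the `atnthost` entry (whose binary the same run deleted) and the two weakened settings survive the run and need a separate decision.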

  • rootkit ✭✭✭

    Do you still have problems ? :)

  • Do you still have problems ? :)

    The weird thing is, when I scanned again, it never found the viruses it scanned and couldn't delete the first time. After running the combo fix, it deleted a lot of items. What did the Combofix do that Bitdefender couldn't? Thanks for the help.

  • rootkit ✭✭✭

    Combofix is a special tool.

    This tool is not a toy and not for everyday use. :)