lilhurricane (Premium, Mod) join:2003-01-11 | reply to gda6
Re: HJT Log IE7 Browser Gets Redirected
I'm going to open those logs up for ease of viewing.
Malwarebytes' Anti-Malware 1.37
Database version: 2296
Windows 5.1.2600 Service Pack 3

6/17/2009 8:40:49 AM
mbam-log-2009-06-17 (08-40-49).txt

Scan type: Quick Scan
Objects scanned: 81942
Time elapsed: 2 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected: C:\WINDOWS\system32\ieupdates.exe.tmp (Adware.Agent) -> Quarantined and deleted successfully.
ComboFix 09-06-17.02 - Lamar 06/17/2009 20:40.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2037.1633 [GMT -5:00]
Running from: c:\documents and settings\Lamar\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Lamar\Application Data\inst.exe
c:\windows\system32\drivers\SKYNETpmeevkax.sys
c:\windows\system32\SKYNETgylclswx.dat
c:\windows\system32\SKYNETkpuakgyd.dll
c:\windows\system32\SKYNETowfnanim.dll
c:\windows\system32\SKYNETqkkeuytv.dat
----- BITS: Possible infected sites -----
hxxp://binuser.fileave.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_SKYNETyutgwmri
((((((((((((((((((((((((( Files Created from 2009-05-18 to 2009-06-18 )))))))))))))))))))))))))))))))
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zone Labs Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2005-01-26 902936]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-17 518488]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-14 138008]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2007-09-17 124200]
"Omnipage"="c:\program files\ScanSoft\OmniPagePro11.0\opware32.exe" [2001-06-21 49152]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-14 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-14 162584]
"dyaaserv.exe"="c:\program files\DYMO DiscPainter\Drivers\dyaaserv.exe" [2007-11-12 177152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2007-06-14 16132608]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/16/2009 10:09 PM 64160]
R0 PQV2i;PQV2i;c:\windows\system32\drivers\PQV2i.sys [6/3/2003 3:52 PM 123957]
R1 PQIMount;PQIMount;c:\windows\system32\drivers\PQIMount.sys [6/3/2003 3:52 PM 46900]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [6/16/2009 12:03 AM 108289]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 2:06 PM 1005904]
S3 DYUSB;DYMO DiscPainter USB Status Monitor Driver;c:\windows\system32\drivers\dyusb.sys [10/22/2007 12:07 PM 35200]
.
Contents of the 'Scheduled Tasks' folder

2009-06-17 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 03:08]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, www.gmer.net
Rootkit scan 2009-06-17 20:44
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully hidden files: 0
**************************************************************************
.
Completion time: 2009-06-18 20:46
ComboFix-quarantined-files.txt 2009-06-18 01:46

Pre-Run: 57,662,877,696 bytes free
Post-Run: 57,822,457,856 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
164 --- E O F --- 2009-06-10 00:03