ComputerForum.com

10-20-2009, 11:28 AM   #1
Infected 100% sure

My sister plugged a Flash drive into my laptop, I saw antivir notify like 10 times and I automatically unplugged the flash.

thanks for your help

Scans----------

ComboFix 09-10-19.01 - GUSTAVO 10/19/2009 1:50.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.998.165 [GMT -7:00]
Running from: c:\users\GUSTAVO\Downloads\ComboFix.exe
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-554068595-375431133-3777811005-500
c:\users\GUSTAVO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
c:\windows\Installer\19b632.msi
c:\windows\Installer\19b637.msi
c:\windows\Installer\19b63c.msi

.
((((((((((((((((((((((((( Files Created from 2009-09-19 to 2009-10-19 )))))))))))))))))))))))))))))))
.

2009-10-19 08:17 . 2009-08-29 00:14 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-10-19 08:17 . 2009-08-29 00:27 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-10-19 08:17 . 2009-09-10 16:48 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-19 08:17 . 2009-09-04 11:41 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-10-19 08:16 . 2009-08-04 12:34 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-19 08:16 . 2009-08-04 12:34 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-19 08:15 . 2009-09-14 09:29 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-19 08:15 . 2009-05-08 12:53 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-19 08:09 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-10-19 08:09 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-10-19 08:09 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-19 08:09 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-10-19 08:09 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-10-19 08:09 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-19 08:09 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-10-19 08:08 . 2009-08-07 02:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-19 08:08 . 2009-08-07 01:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-03 10:46 . 2009-10-01 17:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-09-21 07:08 . 2009-09-21 07:08 -------- d-----w- c:\windows\Sun

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-19 08:39 . 2009-09-16 23:16 -------- d-----w- c:\users\GUSTAVO\AppData\Roaming\uTorrent
2009-10-19 08:23 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-18 07:46 . 2009-09-18 06:28 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-09-18 07:02 . 2009-09-18 06:38 -------- dc-h--w- c:\programdata\{EF63305C-BAD7-4144-9208-D65528260864}
2009-09-18 06:40 . 2009-09-18 06:37 -------- d-----w- c:\programdata\Lavasoft
2009-09-18 06:37 . 2009-09-18 06:37 -------- d-----w- c:\program files\Lavasoft
2009-09-18 06:31 . 2009-09-18 06:28 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-18 04:13 . 2009-09-18 04:13 -------- d-----w- c:\program files\Trend Micro
2009-09-18 04:13 . 2009-09-18 04:13 -------- d-----w- c:\users\GUSTAVO\AppData\Roaming\Malwarebytes
2009-09-18 04:13 . 2009-09-18 04:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-18 04:12 . 2009-09-18 04:12 -------- d-----w- c:\programdata\Malwarebytes
2009-09-17 21:16 . 2009-05-20 19:56 -------- d-----w- c:\users\GUSTAVO\AppData\Roaming\mIRC
2009-09-16 23:22 . 2009-03-12 07:54 -------- d-----w- c:\program files\VirtualDJ
2009-09-16 23:16 . 2009-09-16 23:16 -------- d-----w- c:\program files\uTorrent
2009-09-16 22:33 . 2009-03-12 03:04 -------- d-----w- c:\program files\Windows Live Toolbar
2009-09-16 22:32 . 2009-03-05 07:33 -------- d-----w- c:\program files\Java
2009-09-16 22:27 . 2009-03-12 03:08 99008 ----a-w- c:\users\GUSTAVO\AppData\Local\GDIPFONTCACHEV1.DAT
2009-09-16 22:24 . 2009-03-05 08:02 -------- d-----w- c:\programdata\Microsoft Help
2009-09-16 22:06 . 2009-09-16 22:06 -------- d-----w- c:\programdata\Roaming
2009-09-16 22:01 . 2009-09-16 22:01 -------- d-----w- c:\program files\Cisco
2009-09-16 22:01 . 2009-09-16 22:01 -------- d-----w- c:\program files\Common Files\Intel
2009-09-16 22:00 . 2009-03-12 04:13 -------- d-----w- c:\program files\Intel
2009-09-16 21:40 . 2005-04-06 19:38 -------- d-----w- c:\users\GUSTAVO\AppData\Roaming\Samsung
2009-09-10 21:54 . 2009-09-18 04:12 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 21:53 . 2009-09-18 04:12 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-17 01:35 . 2009-04-14 01:18 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-14 16:27 . 2009-09-16 21:34 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-16 21:34 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-16 21:34 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-16 21:34 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-16 21:34 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-16 21:34 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-16 21:34 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-16 21:34 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-16 21:34 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-16 21:34 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-16 21:34 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-07-25 12:23 . 2009-05-09 22:16 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-21 21:52 . 2009-08-17 01:34 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-08-17 01:34 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-08-17 01:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-08-17 01:34 133632 ----a-w- c:\windows\system32\ieUnatt.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-09-16 288560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2007-11-29 59168]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2009-01-15 644384]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BTVLogEx.DLL" [2009-01-15 214576]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2008-09-30 68976]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-03-28 243248]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-08-21 487424]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2007-07-05 124200]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2007-08-09 2630968]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-07-09 1282048]
"Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-28 49976]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-11-16 217176]
"LenovoOobeOffers"="c:\swtools\LenovoWelcome\LenovoOobeOffers.exe" [2007-09-25 28672]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-10-07 150040]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-10-07 154136]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2007-07-05 419112]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-10-07 178712]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]
"LPMailChecker"="c:\progra~1\THINKV~2\PrdCtr\LPMLCHK.exe" [2008-09-01 124248]
"LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2008-09-01 165208]
"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2009-09-29 1241872]
"TpShocks"="TpShocks.exe" - c:\windows\System32\TpShocks.exe [2007-11-22 181536]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2009-06-17 55824]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-3-11 50688]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2004-6-18 813584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2008-11-21 07:35 95496 ------w- c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):48,e0,4a,f3,fe,df,c9,01

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-07-03 64160]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2007-10-17 19504]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2008-05-13 13480]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-06-11 108289]
S2 DLPortIO;DriverLINX Port I/O Driver; [x]
S2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\IS360srv.exe [2009-09-29 309008]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-09-25 1028432]
S2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2009-01-15 66848]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 smihlp2;SMI Helper Driver (smihlp2);c:\program files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [2008-11-21 12560]
S2 tp4serv;tp4serv;c:\program files\Lenovo\TrackPoint\TP4SERVINST.EXE [2008-03-04 35616]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2008-10-24 58736]
S2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [2007-01-09 569344]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2009-03-04 4232704]
S3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\DRIVERS\tp4track.sys [2008-03-04 22568]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2007-05-22 30336]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
Contents of the 'Scheduled Tasks' folder

2009-10-02 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 06:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://lenovo.live.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\GUSTAVO\AppData\Roaming\Mozilla\Firefox\Profiles\pmb5bdn7.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-19 02:05
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\ibmpmsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\wlanext.exe
c:\program files\ThinkVantage Fingerprint Software\upeksvr.exe
c:\windows\System32\IPSSVC.EXE
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\windows\System32\AEADISRV.EXE
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Lenovo\TrackPoint\tp4serv.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\System32\TPHDEXLG.exe
c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\windows\System32\drivers\XAudio.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\windows\System32\wbem\unsecapp.exe
c:\combofix\CF26612.exe
c:\windows\System32\rundll32.exe
c:\program files\ThinkPad\Utilities\EZEJMNAP.EXE
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\ZOOM\TpScrex.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\ThinkVantage\PrdCtr\LPMLCHK.EXE
c:\windows\System32\igfxsrvc.exe
c:\program files\ThinkVantage\PrdCtr\LPMGR.EXE
c:\progra~1\ThinkPad\UTILIT~1\PWMUIAux.EXE
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
.
**************************************************************************
.
Completion time: 2009-10-19 2:14 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-19 09:13

Pre-Run: 77,191,897,088 bytes free
Post-Run: 76,077,703,168 bytes free

- - End Of File - - D13CE7E09A3DD1088A9E4FB4221FFD1A

Last edited by hells3000; 10-20-2009 at 07:27 PM.