Full Version: Still Infected...
BitDefender Forum > English > Old Forum Topics > Malware Talk > Logs Analysis
yourlocaldj
I scanned my computer and it said I'm still not virus free. Here's the log that lists the still remaining issues:

Remaining issues:Object Name Threat Name Final Status
[System]=]HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\PERFS\ImagePath=]C:\WINDOWS\SYSTEM32\PERFS.EXE Trojan.Agent.CHB Infected
[System]=]C:\WINDOWS\system32\perfs.exe (memory dump) Trojan.Agent.CHB Disinfect Failed
[System]=]C:\WINDOWS\system32\perfs.exe (disk) Trojan.Agent.CHB Disinfect Failed
[System]=]C:\WINDOWS\system32\perfs.exe (full dump) Trojan.Agent.CHB Disinfect Failed
[System]=]HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MABIDWE\ImagePath=]C:\WINDOWS\SYSTEM32\MABIDWE.EXE Trojan.Refpron.A Infected
[System]=]HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MACIDWE\ImagePath=]C:\WINDOWS\SYSTEM32\MACIDWE.EXE Trojan.Refpron.A Infected
[System]=]HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\NOXTCYR\ImagePath=]C:\WINDOWS\SYSTEM32\NOXTCYR.EXE Trojan.Refpron.A Infected
[System]=]HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\NOYTCYR\ImagePath=]C:\WINDOWS\SYSTEM32\NOYTCYR.EXE Trojan.Refpron.A Infected
[System]=]HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\ROXTCTM\ImagePath=]C:\WINDOWS\SYSTEM32\ROXTCTM.EXE Trojan.Refpron.A Infected
[System]=]HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\ROYTCTM\ImagePath=]C:\WINDOWS\SYSTEM32\ROYTCTM.EXE Trojan.Refpron.A Infected
[System]=]HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SOTPECA\ImagePath=]C:\WINDOWS\SYSTEM32\SOTPECA.EXE Trojan.Refpron.A Infected
[System]=]HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SOXPECA\ImagePath=]C:\WINDOWS\SYSTEM32\SOXPECA.EXE Trojan.Refpron.A Infected
[System]=]HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\TDXDOWKC\ImagePath=]C:\WINDOWS\SYSTEM32\TDXDOWKC.EXE Trojan.Refpron.A Infected
[System]=]HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\TDYDOWKC\ImagePath=]C:\WINDOWS\SYSTEM32\TDYDOWKC.EXE Trojan.Refpron.A Infected
[System]=]HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WSLDOEKD\ImagePath=]C:\WINDOWS\SYSTEM32\WSLDOEKD.EXE Trojan.Refpron.A Infected
[System]=]C:\WINDOWS\system32\mabidwe.exe (memory dump) Trojan.Refpron.A Disinfect Failed
[System]=]C:\WINDOWS\system32\mabidwe.exe (disk) Trojan.Refpron.A Disinfect Failed
[System]=]C:\WINDOWS\system32\mabidwe.exe (full dump) Trojan.Refpron.A Disinfect Failed
[System]=]C:\WINDOWS\system32\macidwe.exe (memory dump) Trojan.Refpron.A Disinfect Failed
[System]=]C:\WINDOWS\system32\macidwe.exe (disk) Trojan.Refpron.A Disinfect Failed
[System]=]C:\WINDOWS\system32\macidwe.exe (full dump) Trojan.Refpron.A Disinfect Failed
[System]=]C:\WINDOWS\system32\noxtcyr.exe (memory dump) Trojan.Refpron.A Disinfect Failed
[System]=]C:\WINDOWS\system32\noxtcyr.exe (disk) Trojan.Refpron.A Disinfect Failed
[System]=]C:\WINDOWS\system32\noxtcyr.exe (full dump) Trojan.Refpron.A Disinfect Failed
[System]=]C:\WINDOWS\system32\noytcyr.exe (memory dump) Trojan.Refpron.A Disinfect Failed
[System]=]C:\WINDOWS\system32\noytcyr.exe (disk) Trojan.Refpron.A Disinfect Failed
[System]=]C:\WINDOWS\system32\noytcyr.exe (full dump) Trojan.Refpron.A Disinfect Failed
[System]=]C:\WINDOWS\system32\roxtctm.exe (memory dump) Trojan.Refpron.A Disinfect Failed
[System]=]C:\WINDOWS\system32\roxtctm.exe (disk) Trojan.Refpron.A Disinfect Failed
[System]=]C:\WINDOWS\system32\roxtctm.exe (full dump) Trojan.Refpron.A Disinfect Failed
[System]=]C:\WINDOWS\system32\roytctm.exe (memory dump) Trojan.Refpron.A Disinfect Failed
[System]=]C:\WINDOWS\system32\roytctm.exe (disk) Trojan.Refpron.A Disinfect Failed
[System]=]C:\WINDOWS\system32\roytctm.exe (full dump) Trojan.Refpron.A Disinfect Failed
[System]=]C:\WINDOWS\system32\sotpeca.exe (memory dump) Trojan.Refpron.A Disinfect Failed
[System]=]C:\WINDOWS\system32\sotpeca.exe (disk) Trojan.Refpron.A Disinfect Failed
[System]=]C:\WINDOWS\system32\sotpeca.exe (full dump) Trojan.Refpron.A Disinfect Failed
[System]=]C:\WINDOWS\system32\soxpeca.exe (memory dump) Trojan.Refpron.A Disinfect Failed
[System]=]C:\WINDOWS\system32\soxpeca.exe (disk) Trojan.Refpron.A Disinfect Failed
[System]=]C:\WINDOWS\system32\soxpeca.exe (full dump) Trojan.Refpron.A Disinfect Failed
[System]=]C:\WINDOWS\system32\tdxdowkc.exe (memory dump) Trojan.Refpron.A Disinfect Failed
[System]=]C:\WINDOWS\system32\tdxdowkc.exe (disk) Trojan.Refpron.A Disinfect Failed
[System]=]C:\WINDOWS\system32\tdxdowkc.exe (full dump) Trojan.Refpron.A Disinfect Failed
[System]=]C:\WINDOWS\system32\tdydowkc.exe (memory dump) Trojan.Refpron.A Disinfect Failed
[System]=]C:\WINDOWS\system32\tdydowkc.exe (disk) Trojan.Refpron.A Disinfect Failed
[System]=]C:\WINDOWS\system32\tdydowkc.exe (full dump) Trojan.Refpron.A Disinfect Failed
[System]=]C:\WINDOWS\system32\wsldoekd.exe (memory dump) Trojan.Refpron.A Disinfect Failed
[System]=]C:\WINDOWS\system32\wsldoekd.exe (disk) Trojan.Refpron.A Disinfect Failed
[System]=]C:\WINDOWS\system32\wsldoekd.exe (full dump) Trojan.Refpron.A Disinfect Failed

Any advice to get rid of these would be greatly appreciated. Thank you!
VirusPING
Bitdefender failed to remove these, am I correct?
yourlocaldj
Yes, that's correct. I scanned and tried to quarantine, but it would not let me. I tried deleting them, still would not let me. Had no choice but to leave them alone.
crysty2k5
Download: http://subs.geekstogo.com/ComboFix.exe and save it on your Desktop.

Open Notepad and copy/paste the text in the quotebox below into it:

QUOTE
File::
C:\WINDOWS\system32\perfs.exe
C:\WINDOWS\SYSTEM32\MABIDWE.EXE
C:\WINDOWS\SYSTEM32\MACIDWE.EXE
C:\WINDOWS\SYSTEM32\NOXTCYR.EXE
C:\WINDOWS\SYSTEM32\NOYTCYR.EXE
C:\WINDOWS\SYSTEM32\ROXTCTM.EXE
C:\WINDOWS\SYSTEM32\ROYTCTM.EXE
C:\WINDOWS\SYSTEM32\SOTPECA.EXE
C:\WINDOWS\SYSTEM32\SOXPECA.EXE
C:\WINDOWS\SYSTEM32\TDXDOWKC.EXE
C:\WINDOWS\SYSTEM32\TDYDOWKC.EXE
C:\WINDOWS\SYSTEM32\WSLDOEKD.EXE


Save this as:
CFScript.txt

Drag CFScript.txt into ComboFix.exe



Then post the resultant log here.
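As an added example (not code from this thread, from BitDefender or from ComboFix), the script below parses a "Remaining issues" report in the layout yourlocaldj posted, pairs each service ImagePath hit with the executable it launches, counts hits per threat name, and emits the File:: block in the layout crysty2k5's reply uses, so the list does not have to be typed by hand. The sample lines are copied from the report above (a subset of it); the column layout, the extra status words beyond "Infected" and "Disinfect Failed", and all function names are assumptions of this example.

```python
"""Parse a BitDefender 'Remaining issues' report and build the File:: section
of a ComboFix CFScript.txt for every file it could not disinfect.

Added example for this thread, not BitDefender's or ComboFix's own code.
Assumed: each row reads '[scope]=]<object> <threat> <final status>', a service
hit reads '<key>\\ImagePath=]<exe>', and a file hit reads '<path> (<view>)'.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# Sample input: rows copied from the report at the top of this thread (subset).
SAMPLE_REPORT = r"""
Remaining issues:Object Name Threat Name Final Status
[System]=]HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\PERFS\ImagePath=]C:\WINDOWS\SYSTEM32\PERFS.EXE Trojan.Agent.CHB Infected
[System]=]C:\WINDOWS\system32\perfs.exe (memory dump) Trojan.Agent.CHB Disinfect Failed
[System]=]C:\WINDOWS\system32\perfs.exe (disk) Trojan.Agent.CHB Disinfect Failed
[System]=]C:\WINDOWS\system32\perfs.exe (full dump) Trojan.Agent.CHB Disinfect Failed
[System]=]HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MABIDWE\ImagePath=]C:\WINDOWS\SYSTEM32\MABIDWE.EXE Trojan.Refpron.A Infected
[System]=]HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MACIDWE\ImagePath=]C:\WINDOWS\SYSTEM32\MACIDWE.EXE Trojan.Refpron.A Infected
[System]=]C:\WINDOWS\system32\mabidwe.exe (memory dump) Trojan.Refpron.A Disinfect Failed
[System]=]C:\WINDOWS\system32\mabidwe.exe (disk) Trojan.Refpron.A Disinfect Failed
[System]=]C:\WINDOWS\system32\macidwe.exe (memory dump) Trojan.Refpron.A Disinfect Failed
[System]=]C:\WINDOWS\system32\macidwe.exe (disk) Trojan.Refpron.A Disinfect Failed
"""

# The first two statuses occur in the report; the rest are assumed extra values
# so that rows with other outcomes are not silently dropped by the pattern.
STATUSES = ("Disinfect Failed", "Infected", "Deleted", "Quarantined", "Moved")

# Object names contain spaces ('(memory dump)'), so anchor on the fixed status
# words at the end of the row and let the object match lazily.
LINE_RE = re.compile(
    r"^\[(?P<scope>[^\]]+)\]=\](?P<obj>.+?) (?P<threat>\S+) (?P<status>"
    + "|".join(re.escape(s) for s in STATUSES) + r")$"
)
FILE_RE = re.compile(r"^(?P<path>.+?)(?: \((?P<view>[^)]+)\))?$")


@dataclass
class Finding:
    path: str         # on-disk executable the row refers to
    threat: str
    status: str
    service_key: str  # registry key of the service when the row is an ImagePath hit, else ""
    view: str         # "disk", "memory dump", "full dump"; "" for registry rows


def parse_report(text: str) -> List[Finding]:
    """Turn report rows into Finding records; the header and blank lines are skipped."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        obj = m.group("obj")
        if obj.upper().startswith("HKEY_"):
            # Registry row: the persistence point plus the file it starts.
            value, _, target = obj.partition("=]")
            key = value.rsplit("\\", 1)[0]  # drop the 'ImagePath' value name
            findings.append(Finding(target, m.group("threat"), m.group("status"), key, ""))
        else:
            fm = FILE_RE.match(obj)
            findings.append(Finding(fm.group("path"), m.group("threat"),
                                    m.group("status"), "", fm.group("view") or ""))
    return findings


def undisinfected_files(findings: List[Finding]) -> List[str]:
    """Unique paths still carrying the detection: every 'Disinfect Failed' file plus
    the target of every still-'Infected' service ImagePath. Windows paths are
    case-insensitive, so dedupe on the lowercase form and keep the first spelling."""
    seen: Dict[str, str] = {}
    for f in findings:
        if f.status == "Disinfect Failed" or (f.service_key and f.status == "Infected"):
            seen.setdefault(f.path.lower(), f.path)
    return [seen[k] for k in sorted(seen)]


def persistence_map(findings: List[Finding]) -> Dict[str, str]:
    """Lowercased exe path -> service key that launches it. A 'memory dump' row for
    the same file means it was loaded when scanned, which is why on-disk cleanup
    of these files failed while the service kept running."""
    return {f.path.lower(): f.service_key for f in findings if f.service_key}


def threat_counts(findings: List[Finding]) -> Dict[str, int]:
    """Number of rows per threat name, for a quick overview of the report."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.threat] = counts.get(f.threat, 0) + 1
    return counts


def build_cfscript(findings: List[Finding]) -> str:
    """The File:: section in the layout shown in the reply above."""
    return "File::\n" + "\n".join(undisinfected_files(findings)) + "\n"


if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    for path, key in persistence_map(found).items():
        print(f"{path}  <-  {key}")
    print(threat_counts(found))
    print(build_cfscript(found))
```

Run it against the full pasted report instead of SAMPLE_REPORT and the File:: block matches the twelve paths in the reply; the persistence map is the part worth reading before deleting anything, since it shows each executable is registered as a service under CurrentControlSet\Services.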
yourlocaldj
Strangely, when I scanned again, all the previous viruses that it detected are gone. I tried doing what you said with the combo fix but it doesn't do anything. So does that mean the viruses are gone? Or are they just hiding very well? Haha.
crysty2k5
I want to see the Combofix scan log.
yourlocaldj
QUOTE (crysty2k5 @ Oct 11 2008, 07:55 AM)
I want to see the Combofix scan log.


I tried what you told me, but when I did, it didn't do anything. =/
yourlocaldj
Weird. I tried it again and it worked. Here is the scan log.

ComboFix 08-10-12.01 - SBT 2008-10-13 10:51:34.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.359 [GMT -7:00]
Running from: C:\Documents and Settings\SBT\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\SBT\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\SYSTEM32\MABIDWE.EXE
C:\WINDOWS\SYSTEM32\MACIDWE.EXE
C:\WINDOWS\SYSTEM32\NOXTCYR.EXE
C:\WINDOWS\SYSTEM32\NOYTCYR.EXE
C:\WINDOWS\system32\perfs.exe
C:\WINDOWS\SYSTEM32\ROXTCTM.EXE
C:\WINDOWS\SYSTEM32\ROYTCTM.EXE
C:\WINDOWS\SYSTEM32\SOTPECA.EXE
C:\WINDOWS\SYSTEM32\SOXPECA.EXE
C:\WINDOWS\SYSTEM32\TDXDOWKC.EXE
C:\WINDOWS\SYSTEM32\TDYDOWKC.EXE
C:\WINDOWS\SYSTEM32\WSLDOEKD.EXE
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\Downloaded Program Files\MyWebEx
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\aasetup.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\atagtctl.exe
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\atarm.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\atas32.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\ATAS9516.DLL
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\atas9532.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\atasanot.exe
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\atasctrl.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\ataudio.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\atauthor.exe
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\atcarmcl.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\atdl2006.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\Ateditor.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\atfsdos.vxd
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\atinet.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\atjpeg60.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\atkbctl.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\atmemmgr.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\atnetext.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\atnthost.exe
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\atpack.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\atpcap16.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\atpcap95.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\atpcapnt.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\ATPDRVNT.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\atplaykb.vxd
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\atpng12.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\atprint.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\atprint.gpd
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\atprtses.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\ATRA9516.DLL
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\atrares.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\Atrcp.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\atrecply.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\atres.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\atrpui.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\atscr.scr
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\atstmget.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\attp.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\atWbxUI5.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\Install.ini
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\mwpc.ini
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\raagt.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\raagtapp.exe
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\raagtx.exe
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\racfg.exe
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\rafilesp.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\ramtmgr.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\ratrace.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\raupdate.exe
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\raurl.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\stdnames.gpd
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\trace.txt
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\UILibRes.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\unidrv.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\unidrv.hlp
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\unidrvui.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\unires.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\wbxcrypt.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\WbxDLDrv.exe
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\WbxDLInst.exe
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\WbxDLMgr.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\webex_ball_32.ico
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\xstatus.log
C:\WINDOWS\Downloaded Program Files\MyWebEx\394\atarm.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\394\atas32.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\394\atasanot.exe
C:\WINDOWS\Downloaded Program Files\MyWebEx\394\atasctrl.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\394\atcarmcl.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\394\atdl2006.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\394\atinet.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\394\atjpeg60.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\394\atkbctl.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\394\atmemmgr.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\394\atnetext.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\394\atpack.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\394\atpng12.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\394\atprtses.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\394\atrares.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\394\atres.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\394\attp.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\394\atwbxui5.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\394\rafilesp.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\394\ramtmgr.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\394\ratrace.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\394\trace.txt
C:\WINDOWS\Downloaded Program Files\MyWebEx\394\uilibres.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\394\wbxcrypt.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\394\WbxDLDrv.exe
C:\WINDOWS\Downloaded Program Files\MyWebEx\394\WbxDLMgr.dll
C:\WINDOWS\Install.txt
C:\WINDOWS\system32\_000005_.tmp.dll
C:\WINDOWS\system32\atsxyzd.sys
C:\WINDOWS\system32\comsa32.sys
C:\WINDOWS\system32\tpszxyd.sys

----- BITS: Possible infected sites -----

hxxp://download.esd.intuit.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AFISICX
-------\Legacy_MABIDWE
-------\Legacy_MACIDWE
-------\Legacy_NOXTCYR
-------\Legacy_NOYTCYR
-------\Legacy_PERFS
-------\Legacy_ROXTCTM
-------\Legacy_ROYTCTM
-------\Legacy_SOTPECA
-------\Legacy_SOXPECA
-------\Legacy_TDXDOWKC
-------\Legacy_TDYDOWKC
-------\Legacy_WSLDOEKD


((((((((((((((((((((((((( Files Created from 2008-09-13 to 2008-10-13 )))))))))))))))))))))))))))))))
.

2008-10-10 14:56 . 2008-10-10 14:56 <DIR> d-------- C:\ERDNT
2008-10-08 22:46 . 2008-10-08 22:46 850 --a------ C:\WINDOWS\system32\ProductTweaks.xml
2008-10-08 22:46 . 2008-10-08 22:46 385 --a------ C:\WINDOWS\system32\user_gensett.xml
2008-10-08 13:49 . 2008-10-08 13:49 <DIR> d-------- C:\WINDOWS\system32\logs
2008-10-08 13:49 . 2008-10-08 13:49 <DIR> d-------- C:\Documents and Settings\SBT\Application Data\BitDefender
2008-10-08 13:48 . 2008-10-08 13:48 <DIR> d-------- C:\Program Files\BitDefender
2008-10-08 13:48 . 2008-10-08 14:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-10-08 13:48 . 2008-10-08 13:48 <DIR> d-------- C:\Binaries
2008-10-08 13:46 . 2008-10-08 13:48 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2008-10-06 10:45 . 2008-10-06 10:46 <DIR> d-------- C:\Documents and Settings\IUSER_Admin
2008-09-13 12:36 . 2008-09-13 12:36 <DIR> d---s---- C:\Documents and Settings\QBDataServiceUser18\UserData

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-08 21:06 103,944 ----a-w C:\WINDOWS\system32\drivers\bdfndisf.sys
2008-10-08 21:00 --------- d-----w C:\Program Files\Norton AntiVirus
2008-10-08 21:00 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-10-08 21:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-10-08 20:36 --------- d-----w C:\Program Files\Symantec
2008-09-24 22:44 --------- d-----w C:\Program Files\Common Files\Intuit
2008-08-13 21:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-08-13 01:40 228,672 ----a-w C:\WINDOWS\system32\drivers\bdfsfltr.sys
2008-08-13 01:40 108,864 ----a-w C:\WINDOWS\system32\drivers\bdfm.sys
2008-07-19 05:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 05:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 05:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 05:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 05:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2006-06-22 98304]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2006-06-22 86016]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2006-06-22 81920]
"HP Network Registry Agent"="C:\WINDOWS\system32\hpnra.exe" [2000-10-26 49152]
"HP Status"="C:\WINDOWS\system32\hpstatus.exe" [2002-03-04 106496]
"HP Proxy Server"="C:\Program Files\Hewlett-Packard\ProxyService\ProxyService.lnk" [2007-04-30 888]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 517768]
"IntuitUpdater"="C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdater.exe" [2007-08-15 38176]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe" [2008-10-08 716800]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe" [2008-08-10 69632]
"SigmatelSysTrayApp"="sttray.exe" [2006-05-26 C:\WINDOWS\sttray.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
QuickBooks Database Server Manager.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBServerUtilityMgr.exe [2008-02-27 156960]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\JavaSoft\\JRE\\1.3.1\\bin\\javaw.exe"=
"C:\\WINDOWS\\system32\\hpbspsvr.exe"=
"C:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\English\\setup.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 BDVEDISK;BDVEDISK;C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys [2008-07-02 82568]
R2 Intuit Entitlement Service v5;Intuit Entitlement Service v5;C:\Program Files\Common Files\Intuit\Entitlement Client\v5\Server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe [2008-01-29 20480]
R2 IntuitUpdateService;Intuit Update Service;C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2007-08-15 20480]
R2 QBPOSDBServiceV7;QBPOS Database Manager v7;C:\Program Files\Intuit\QuickBooks Point of Sale 7.0\DatabaseServer\QBPOSDBServiceV7.exe [2008-05-02 2616144]
R2 QuickBooksDB17;QuickBooksDB17;C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe [2006-09-13 128536]
R2 QuickBooksDB18;QuickBooksDB18;C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe [2006-09-13 128536]
R3 bdfm;BDFM;C:\WINDOWS\system32\drivers\bdfm.sys [2008-08-12 108864]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-10-08 103944]
S2 atnthost;WebEx Remote Access Agent;C:\WINDOWS\Downlo~1\MyWebEx\319\atnthost.exe [ ]
S3 Arrakis3;BitDefender Arrakis Server;C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-13 11:02:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\hpb2ksrv.exe
C:\WINDOWS\system32\hpbhksrv.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\JavaSoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\Intuit\QuickBooks Point of Sale 7.0\DatabaseServer\QBDBMgrN.exe
C:\WINDOWS\system32\stacsv.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\WINDOWS\system32\hpbspsvr.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\hpbjdsnt.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\WINDOWS\system32\igfxsrvc.exe
.
**************************************************************************
.
Completion time: 2008-10-13 11:06:04 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-13 18:05:56

Pre-Run: 65,670,168,576 bytes free
Post-Run: 66,165,612,544 bytes free

255 --- E O F --- 2007-11-09 11:00:52
crysty2k5
Do you still have problems?
yourlocaldj
QUOTE (crysty2k5 @ Oct 13 2008, 01:00 PM)
Do you still have problems?


The weird thing is, when I scanned again, it never found the viruses it scanned and couldn't delete the first time. After running the combo fix, it deleted a lot of items. What did the Combofix do that Bitdefender couldn't? Thanks for the help.
crysty2k5
Combofix is a special tool.

This tool is not a toy and not for everyday use.