Security tool+No net access


Post by humpee on 16th December 2009, 11:40 pm

Daughter's computer is infected with 'security tool'. Blocks net access. Blocks task manager. Blocks cd/dvd drive. Normal scanner (avira) blocked. Is there any way I can stop processes manually? Cannot access progs such as 'nkill' so we seem to be in a bind. Any help would be gratefully received.


Last edited by humpee on 17th December 2009, 12:48 am; edited 1 time in total (Reason for editing : subject has been covered, but most infected comps seem to have access to net...and can download fix's.)

humpee
Novice

Posts: 36
Joined: 2009-12-16
Gender: Male
OS: windows xp
Points: 25866
# Likes: 0

Re: Security tool+No net access

Post by Belahzur on 17th December 2009, 1:15 am

Can you transfer tools via USB from another machine, back to this infected machine?

Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts: 34918
Joined: 2008-08-03
Gender: Male
OS: 7 Home Premium x64
Points: 245111
# Likes: 1

Re: Security tool+No net access

Post by humpee on 17th December 2009, 5:55 am

no cant


Re: Security tool+No net access

Post by Belahzur on 17th December 2009, 6:00 pm

Do you have Firefox installed? Try using a different browser.



Re: Security tool+No net access

Post by humpee on 17th December 2009, 11:33 pm

wish i could....only have explorer


Re: Security tool+No net access

Post by humpee on 17th December 2009, 11:34 pm

looks like its clean format time Sad tearing


Re: Security tool+No net access

Post by Belahzur on 17th December 2009, 11:35 pm

=/ Can you write tools to a CD and transfer them over? Or a network connection to another machine?



Re: Security tool+No net access

Post by humpee on 17th December 2009, 11:37 pm

i tried to use a cd with tools but cd/dvd drive blocked


Re: Security tool+No net access

Post by ocastillo on 17th December 2009, 11:37 pm

hey i have security tool virus on my computer. i can't open any task manager or download anything from any websites because it will just close any files i try to open. help please?!

ocastillo
Beginner

Posts: 1
Joined: 2009-12-17
OS: Windows XP
Points: 25515
# Likes: 0

Re: Security tool+No net access

Post by Belahzur on 17th December 2009, 11:39 pm

ocastillo - Create your own topic please. Smile

humpee - Don't give up on me, I'll find a way around this malware, even if it kills me.

Can you boot to safe mode with networking? Might give us a slim chance.



Re: Security tool+No net access

Post by humpee on 17th December 2009, 11:57 pm

yes...got into safe mode


Re: Security tool+No net access

Post by Belahzur on 18th December 2009, 12:10 am

Does IE work any better in Safe Mode?



Re: Security tool+No net access

Post by humpee on 18th December 2009, 12:20 am

still cant get online....message is 'connection terminated'


Re: Security tool+No net access

Post by Belahzur on 18th December 2009, 12:26 am

Well, maybe we can use a Windows tool to at least disable it. Go to Start > Run. In the Run box, type in msconfig and hit enter.

Go into the Startup tab, copy down all the left side names (more than likely I will know a lot of them and know they are legit), just a matter of finding one that doesn't look right to me and disable it.

Copy and paste all the names back here.



Re: Security tool+No net access

Post by humpee on 18th December 2009, 6:43 am

smax4pnp
igfxtray
hkcmd
igfxpers
PDVDServ
Language
NeroCheck
NBHGui
InCD
IMJPMIG
ImScInst
TINTSETP
TINTSETP
sgpUpdaters
SearchGuardPlus

Reader_sl
CNSLMAIN
BJMyPrt
SMSTray
MAAgent
64241926
ctfmon
IMVU
OpenOffice.org 3.0


Re: Security tool+No net access

Post by Belahzur on 18th December 2009, 11:03 am

Hello.
Go back into the Startup tab, and untick the following 3 items:

sgpUpdaters
SearchGuardPlus
64241926


Reboot normally.
Can you get online now?



c: will only start using explore

Post by humpee on 18th December 2009, 10:18 pm

c: will only open when using right click dropdown/explore. have tried deleting mountpoints2... worked till pc was restarted. very slow startup. here is log from hijack th
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 9:11:23 AM, on 12/19/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Seagate\Sync\SeaSyncServices.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\shaun.SHAUN-E0EAD128A\Desktop\playing stuff2\SoundMAX\SMax4.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: YouWontFindBetterDeals - {344514E9-DD71-110C-2C29-C87A37ADD6F4} - C:\Program Files\YouWontFindBetterDeals\YouWontFindBetterDeals.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMax] "C:\Documents and Settings\shaun.SHAUN-E0EAD128A\Desktop\playing stuff2\SoundMAX\SMax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [AvgRemover] C:\Documents and Settings\shaun.SHAUN-E0EAD128A\Local Settings\Temporary Internet Files\Content.IE5\3MXXJEOM\avgremover[1].exe /run_number=2 /avgdir="C:\Program Files\AVG\AVG8" /avgdatadir="C:\Documents and Settings\All Users.WINDOWS\Application Data\avg8" /ndis_nextstep=1
O4 - HKCU\..\Run: [cdoosoft] C:\DOCUME~1\SHAUN~1.SHA\LOCALS~1\Temp\herss.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O8 - Extra context menu item: Google Sidewiki... - [You must be registered and logged in to see this link.] Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [You must be registered and logged in to see this link.]
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Seagate Sync Service - Seagate Technology LLC - C:\Program Files\Seagate\Sync\SeaSyncServices.exe

--
End of file - 7273 bytes
is scan.


Re: Security tool+No net access

Post by Dr Jay on 18th December 2009, 10:25 pm

humpee, please do not start a new topic. Keep all information in this one.

Therefore, I have merged your new topic in to this one.


Dr. Jay (DJ)



Dr Jay
Head Administrator

Posts: 14314
Joined: 2009-09-06
Gender: Male
OS: Windows 10 Home & Pro
Arch.: x64 (64-bit)
Protection: Bitdefender Total Security
Points: 302989
# Likes: 10

Re: Security tool+No net access

Post by humpee on 18th December 2009, 10:32 pm

sry dragon master......this recent post is my own computer...(c: wont open) i wanted to enter a different post....guess i messed up......sry the previous post was my daughters computer, i am using the phone to give her your instructions. currently, after unchecking the boxes in startup, she has regained net access. i have told her to download hijack this, scan. and log on with you guys. Thanx for your help, and i am sorry for any confusion i have caused.


Re: Security tool+No net access

Post by Belahzur on 18th December 2009, 10:43 pm

Humpee - Please stay under one username too, gets really confusing for me if a new person jumps in half way through.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O2 - BHO: YouWontFindBetterDeals - {344514E9-DD71-110C-2C29-C87A37ADD6F4} - C:\Program Files\YouWontFindBetterDeals\YouWontFindBetterDeals.dll (file missing)
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
    O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
    O4 - HKLM\..\RunOnce: [AvgRemover] C:\Documents and Settings\shaun.SHAUN-E0EAD128A\Local Settings\Temporary Internet Files\Content.IE5\3MXXJEOM\avgremover[1].exe /run_number=2 /avgdir="C:\Program Files\AVG\AVG8" /avgdatadir="C:\Documents and Settings\All Users.WINDOWS\Application Data\avg8" /ndis_nextstep=1
    O4 - HKCU\..\Run: [cdoosoft] C:\DOCUME~1\SHAUN~1.SHA\LOCALS~1\Temp\herss.exe



  • Press "Fix Checked"
  • Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


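The startup-entry review in the post above can be sketched in code. The following Python is an added example, not part of the original thread and not HijackThis's own logic: it parses HijackThis-style log lines and applies two triage heuristics that are assumptions of this example (entries marked "(file missing)", and O4 autoruns whose executable sits under a Temp or Temporary Internet Files directory). The sample lines are a subset copied from the log posted earlier in the thread; the function names are hypothetical.

```python
import re

# Subset of lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: YouWontFindBetterDeals - {344514E9-DD71-110C-2C29-C87A37ADD6F4} - C:\Program Files\YouWontFindBetterDeals\YouWontFindBetterDeals.dll (file missing)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\RunOnce: [AvgRemover] C:\Documents and Settings\shaun.SHAUN-E0EAD128A\Local Settings\Temporary Internet Files\Content.IE5\3MXXJEOM\avgremover[1].exe /run_number=2 /avgdir="C:\Program Files\AVG\AVG8" /avgdatadir="C:\Documents and Settings\All Users.WINDOWS\Application Data\avg8" /ndis_nextstep=1
O4 - HKCU\..\Run: [cdoosoft] C:\DOCUME~1\SHAUN~1.SHA\LOCALS~1\Temp\herss.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"""

# "O4 - <body>": a section code (R0, O2, O23, ...) followed by the entry text.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Registry autorun form: HKLM\..\Run: [ValueName] command line
O4_RE = re.compile(
    r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# First token of a command line: a quoted path, or an unquoted path up to
# the first executable-looking extension (unquoted paths may contain spaces).
EXE_RE = re.compile(
    r'^"([^"]+)"|^(.+?\.(?:exe|dll|bat|cmd|scr))(?=[\s,]|$)', re.IGNORECASE
)
# Assumption of this example: autoruns from these locations deserve a look.
TEMP_MARKERS = ("\\temp\\", "\\temporary internet files\\")


def parse_entries(log_text):
    """Return (section, body) pairs for every recognisable log entry."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def executable_of(cmd):
    """Extract the program path from an autorun command line."""
    m = EXE_RE.match(cmd.strip())
    if not m:
        return cmd.strip()
    return m.group(1) or m.group(2)


def triage(log_text):
    """Flag entries for manual review; a flag is a prompt to look, not a verdict."""
    findings = []
    for section, body in parse_entries(log_text):
        reasons, name = [], None
        if body.rstrip().lower().endswith("(file missing)"):
            reasons.append("file missing")
        if section == "O4":
            m = O4_RE.match(body)
            if m:
                name = m.group("name")
                exe = executable_of(m.group("cmd")).lower()
                if any(mark in exe for mark in TEMP_MARKERS):
                    reasons.append("autorun from temp location")
        if reasons:
            findings.append(
                {"section": section, "name": name, "body": body, "reasons": reasons}
            )
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["section"], ", ".join(f["reasons"]), "|", f["body"][:70])
```
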

Re: Security tool+No net access

Post by humpee on 18th December 2009, 11:36 pm

did as directed, here is log

Malwarebytes' Anti-Malware 1.42
Database version: 3388
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/19/2009 10:26:59 AM
mbam-log-2009-12-19 (10-26-59).txt

Scan type: Quick Scan
Objects scanned: 140861
Time elapsed: 4 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 12
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\youwontfindbetterdeals.youwontfindbetterdeals (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\youwontfindbetterdeals.youwontfindbetterdeals.1 (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{418d86be-7386-4f1a-83e0-53604adbda74} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{344514e9-dd71-110c-2c29-c87a37add6f4} (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bb4c402f-882a-4526-8c08-51278ea437c1} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{344514e9-dd71-110c-2c29-c87a37add6f4} (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{344514e9-dd71-110c-2c29-c87a37add6f4} (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{344514e9-dd71-110c-2c29-c87a37add6f4} (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\YouWontFindBetterDeals.dll (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\YouWontFindBetterDeals (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\NOD32KVBIT (Trojan.Frethog) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\MADOWN (Worm.Magania) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{bb4c402f-882a-4526-8c08-51278ea437c1} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cdoosoft (Spyware.OnlineGames) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.hȋdden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\AhnRpta.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.

still can't open c: without using 'explore' option


Re: Security tool+No net access

Post by Belahzur on 18th December 2009, 11:45 pm

Hello.
Do you have any external drives? They are also infected and need to be cleaned.

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:





    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.



Re: Security tool+No net access

Post by humpee on 19th December 2009, 12:01 am

yes 1 external..seagate drive


Re: Security tool+No net access

Post by humpee on 19th December 2009, 12:03 am

kittyfix?


Re: Security tool+No net access

Post by Belahzur on 19th December 2009, 12:17 am

Yeah, it's renamed. Goofy



Re: Security tool+No net access

Post by humpee on 19th December 2009, 12:19 am

rename to combo-fix?


Re: Security tool+No net access

Post by Belahzur on 19th December 2009, 12:20 am

No, it's already renamed. Sorry, I took your last post as a question why it's called KittyFix when my post says Combofix. LMBO or ROFL



Re: Security tool+No net access

Post by humpee on 19th December 2009, 12:59 am

ComboFix 09-12-18.01 - shaun 12/19/2009 11:35:22.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.106 [GMT 11:00]
Running from: c:\processexplorer\KittyFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
c:\documents and settings\Shaun\Favorites\Download programs.url
c:\documents and settings\Shaun\Favorites\Games.url
c:\documents and settings\Shaun\Favorites\Translator.url
c:\documents and settings\Shaun\Favorites\Videos.url
c:\recycler\S-1-5-21-527237240-1801674531-725345543-1003
C:\SETUP.BAT
C:\Thumbs.db
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\_000008_.tmp.dll
c:\windows\system32\_000009_.tmp.dll
c:\windows\system32\_000019_.tmp.dll
c:\windows\system32\_000020_.tmp.dll
c:\windows\system32\_000021_.tmp.dll
c:\windows\system32\_000022_.tmp.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_AVPsys


((((((((((((((((((((((((( Files Created from 2009-11-19 to 2009-12-19 )))))))))))))))))))))))))))))))
.

2009-12-18 23:14 . 2009-12-18 23:14 -------- d-----w- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\Malwarebytes
2009-12-18 23:14 . 2009-12-03 05:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-18 23:14 . 2009-12-03 05:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-18 23:07 . 2009-12-18 23:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-18 23:07 . 2009-12-18 23:07 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-12-18 22:10 . 2009-12-18 22:10 388096 ----a-r- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2009-12-18 22:10 . 2009-12-18 22:10 -------- d-----w- c:\program files\TrendMicro
2009-12-16 21:41 . 2009-12-16 21:41 -------- d-----w- C:\VJVod_Cache
2009-12-16 21:41 . 2009-12-16 21:41 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Application Data\nagasoft
2009-12-16 09:53 . 2009-12-16 09:53 -------- d-----w- C:\New Folder
2009-12-16 09:51 . 2009-12-19 00:26 -------- d-----w- C:\ProcessExplorer
2009-12-16 02:57 . 2009-12-16 02:57 -------- d-----w- c:\windows\system32\Nagasoft
2009-12-03 00:34 . 2009-12-09 06:01 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-03 00:34 . 2009-03-29 22:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-12-03 00:34 . 2009-02-13 00:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-12-03 00:34 . 2009-02-13 00:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-12-03 00:34 . 2009-12-03 00:34 -------- d-----w- c:\program files\Avira
2009-12-03 00:34 . 2009-12-03 00:34 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Avira
2009-11-29 04:32 . 2009-11-29 04:32 -------- d-----w- c:\windows\system32\wbem\Repository
2009-11-29 04:31 . 2009-11-29 04:31 -------- d-----w- C:\$AVG8.VAULT$
2009-11-29 04:31 . 2009-11-29 04:31 -------- d-----w- c:\windows\system32\drivers\Avg(2)
2009-11-29 04:30 . 2009-11-29 04:30 -------- d-----w- c:\windows\SxsCaPendDel
2009-11-28 20:56 . 2009-12-03 01:37 152576 ----a-w- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-28 09:29 . 2009-12-03 01:34 79488 ----a-w- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-19 01:24 . 2009-11-19 01:24 -------- d-sh--w- c:\documents and settings\LocalService.NT AUTHORITY\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-17 06:55 . 2009-10-22 09:36 -------- d-----w- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\LimeWire
2009-12-16 07:57 . 2009-10-02 05:27 862040 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-12-16 07:57 . 2009-10-02 05:27 206944 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-12-16 07:57 . 2009-10-02 05:27 390288 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-12-16 07:57 . 2009-10-29 22:56 537576 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll
2009-12-16 07:57 . 2009-10-02 05:27 370744 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-12-16 07:57 . 2009-10-02 05:27 163728 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-12-16 07:57 . 2009-10-02 05:27 194104 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2009-12-16 07:57 . 2009-10-02 05:27 327000 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-12-16 07:56 . 2009-10-02 05:27 87496 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-12-16 07:56 . 2009-10-02 05:26 933120 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-12-16 07:56 . 2009-10-02 05:26 641632 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2009-12-16 07:56 . 2009-10-02 05:26 816272 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-12-16 07:56 . 2009-10-02 05:26 822904 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-12-16 07:56 . 2009-10-02 05:26 1638640 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-12-16 07:56 . 2009-10-02 05:26 788880 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-12-16 07:56 . 2009-10-02 05:26 1184912 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-12-03 01:37 . 2009-10-22 09:33 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-03 01:37 . 2007-09-13 01:23 -------- d-----w- c:\program files\Java
2009-11-29 21:54 . 2009-10-01 08:14 -------- d-----w- c:\program files\Paltalk Messenger
2009-11-03 11:43 . 2009-11-03 11:43 -------- d-----w- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\ImgBurn
2009-11-03 04:07 . 2009-11-03 04:07 -------- d-----w- c:\program files\Daniusoft
2009-10-29 22:56 . 2009-10-29 22:56 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-10-29 22:56 . 2009-10-29 22:56 93360 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
2009-10-29 22:56 . 2009-10-29 22:56 554280 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\sbap.dll
2009-10-29 22:56 . 2009-10-02 05:48 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-10-29 22:56 . 2009-10-02 05:27 15880 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-10-29 22:56 . 2009-10-29 22:56 212480 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\VipreBridge.dll
2009-10-29 22:56 . 2009-10-29 22:56 283944 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Vipre.dll
2009-10-29 22:56 . 2009-10-29 22:56 1223976 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\SBTE.dll
2009-10-29 22:56 . 2009-10-29 22:56 242984 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\SBRE.dll
2009-10-29 22:55 . 2009-10-02 05:27 5908024 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-10-29 22:51 . 2009-10-29 22:51 -------- dc-h--w- c:\documents and settings\All Users.WINDOWS\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-28 23:39 . 2009-10-28 23:26 1649 ----a-w- c:\windows\system32\nodes.txt.tmp
2009-10-22 01:24 . 2009-10-22 01:24 10134 ----a-r- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\Microsoft\Installer\{BEF726DD-4037-4214-8C6A-E625C02D2870}\ARPPRODUCTICON.exe
2009-10-22 01:23 . 2008-01-08 00:59 -------- d-----w- c:\program files\Common Files\LogiShrd
2009-10-22 01:23 . 2009-10-22 01:23 10134 ----a-r- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\Microsoft\Installer\{35725FBC-A136-4A46-9F29-091759D9BB93}\ARPPRODUCTICON.exe
2009-10-22 01:23 . 2009-10-22 01:23 10134 ----a-r- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\Microsoft\Installer\{EA516024-D84D-41F1-814F-83175A6188F2}\ARPPRODUCTICON.exe
2009-10-06 11:58 . 2009-10-06 10:25 696352 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-10-06 11:58 . 2009-10-06 10:25 5408 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-10-04 05:08 . 2009-10-04 05:08 1962544 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2009-10-03 08:15 . 2009-10-29 22:51 2924848 -c--a-w- c:\documents and settings\All Users.WINDOWS\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-10-02 05:27 . 2009-10-02 05:27 17632 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\WSCUpdate.dll
2009-10-02 05:27 . 2009-10-02 05:27 68640 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Drivers\64\lbd.sys
2009-10-02 05:27 . 2009-10-02 05:26 525792 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Drivers\64\DIFxAPI.dll
2009-10-02 05:26 . 2009-10-02 05:26 303976 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Drivers\64\AAWDriverTool.exe
2009-10-02 05:26 . 2009-10-02 05:26 640760 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-09-23 12:55 . 2009-10-02 02:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2008-01-09 08:43 . 2008-01-09 08:41 2293848 -c--a-w- c:\program files\FLV PlayerFCSetup.exe
2008-01-09 08:41 . 2008-01-09 08:38 3928264 -c--a-w- c:\program files\FLV PlayerRCATSetup.exe
2008-01-09 08:22 . 2008-01-09 08:22 411248 -c--a-w- c:\program files\FLV PlayerRCSetup.exe
2007-10-06 07:14 . 2007-10-06 07:14 52 -c--a-w- c:\program files\Save Windows and Programs (No Data or Documents).BDF
2007-10-06 07:14 . 2007-10-06 07:14 52 -c--a-w- c:\program files\Save Data and Documents Only.BDF
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-04 39408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="realsched.exe -osboot" [X]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-04 8523776]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-09 98304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-03 149280]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
PalTalk.lnk - c:\program files\Paltalk Messenger\paltalk.exe [2009-9-26 11550720]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"nwiz"=nwiz.exe /install
"StxTrayMenu"="c:\program files\Seagate\SystemTray\StxMenuMgr.exe"
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Paltalk Messenger\\paltalk.exe"=
"c:\\Documents and Settings\\shaun.SHAUN-E0EAD128A\\Desktop\\Unused Desktop Shortcuts\\Call of Duty\\Call of Duty MP.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56468:TCP"= 56468:TCP:Pando Media Booster
"56468:UDP"= 56468:UDP:Pando Media Booster

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10/2/2009 1:55 PM 64288]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/3/2009 11:34 AM 108289]
R2 Seagate Sync Service;Seagate Sync Service;c:\program files\Seagate\Sync\SeaSyncServices.exe [1/18/2007 3:20 PM 24120]
R3 wsvad_driver;WS Audio Device;c:\windows\system32\drivers\VirtualAudio.sys [11/3/2009 3:07 PM 16896]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 10:17 PM 1184912]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\DRIVERS\avgfwdx.sys --> c:\windows\system32\DRIVERS\avgfwdx.sys [?]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwdx.sys --> c:\windows\system32\DRIVERS\avgfwdx.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Notify-avgrsstarter - avgrsstx.dll
AddRemove-PerformanceAdSystem - c:\program files\YouWontFindBetterDeals\uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-12-19 11:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1417001333-1897051121-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A5EC7AA0-DCBE-817A-0FB6-D050177AC852}*]
"hamhmcogmphechon"=hex:6a,61,62,69,64,67,6b,6c,6e,69,62,63,6c,70,65,66,66,69,
66,64,00,00
"iaokgcmnliddnfcdli"=hex:6a,61,62,69,64,67,6b,6c,6e,69,62,63,6c,70,65,66,66,69,
66,64,00,00
"hakkmakkoelaneba"=hex:6b,61,62,6c,6d,63,65,6e,6d,61,62,62,6c,61,63,6c,61,6d,
63,6a,67,66,00,00
"hakkmakkbfagbgee"=hex:70,62,62,6b,6e,6f,6b,6f,64,6d,64,6d,6f,6c,68,6d,67,62,
6c,6c,6d,68,6b,6e,6e,61,65,6e,6f,6c,62,70,70,66,66,63,62,6c,61,69,68,6e,63,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3100)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-12-19 11:49:15 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-19 00:49

Pre-Run: 37,706,444,800 bytes free
Post-Run: 37,666,697,216 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /usepmtimer /noexecute=optin

- - End Of File - - A227CF7C9B2A5A58503C7DD5A33853B5


Re: Security tool+No net access

Post by Belahzur on 19th December 2009, 1:11 am

Okay, good work. Before we remove the leftovers, is AVG still installed on this machine or did it corrupt itself on you?

Combofix says AVG is active, yet I only see some leftover dead drivers and no run values.

Completely Uninstall AVG software

Download and run avgremover.exe

For 32-Bit, Download: [You must be registered and logged in to see this link.]



Re: Security tool+No net access

Post by humpee on 19th December 2009, 1:13 am

corrupted....tried to get rid of it but ......


Re: Security tool+No net access

Post by Belahzur on 19th December 2009, 1:17 am

Thought so, AVG did the same to me. Run the uninstaller I posted above, then we'll take out them leftovers. Once you have run the uninstall:


  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    Driver::
    Avgfwdx
    Avgfwfd

    RegNull::
    [HKEY_USERS\S-1-5-21-1417001333-1897051121-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A5EC7AA0-DCBE-817A-0FB6-D050177AC852}*]
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.



Re: Security tool+No net access

Post by humpee on 19th December 2009, 1:59 am

ComboFix 09-12-18.01 - shaun 12/19/2009 12:41:42.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.249 [GMT 11:00]
Running from: c:\processexplorer\KittyFix.exe
Command switches used :: c:\documents and settings\shaun.SHAUN-E0EAD128A\My Documents\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Avgfwdx
-------\Service_Avgfwfd


((((((((((((((((((((((((( Files Created from 2009-11-19 to 2009-12-19 )))))))))))))))))))))))))))))))
.

2009-12-18 23:14 . 2009-12-18 23:14 -------- d-----w- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\Malwarebytes
2009-12-18 23:14 . 2009-12-03 05:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-18 23:14 . 2009-12-03 05:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-18 23:07 . 2009-12-18 23:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-18 23:07 . 2009-12-18 23:07 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-12-18 22:10 . 2009-12-18 22:10 -------- d-----w- c:\program files\TrendMicro
2009-12-16 21:41 . 2009-12-16 21:41 -------- d-----w- C:\VJVod_Cache
2009-12-16 21:41 . 2009-12-16 21:41 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Application Data\nagasoft
2009-12-16 09:53 . 2009-12-16 09:53 -------- d-----w- C:\New Folder
2009-12-16 09:51 . 2009-12-19 01:33 -------- d-----w- C:\ProcessExplorer
2009-12-16 02:57 . 2009-12-16 02:57 -------- d-----w- c:\windows\system32\Nagasoft
2009-12-03 00:34 . 2009-12-09 06:01 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-03 00:34 . 2009-03-29 22:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-12-03 00:34 . 2009-02-13 00:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-12-03 00:34 . 2009-02-13 00:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-12-03 00:34 . 2009-12-03 00:34 -------- d-----w- c:\program files\Avira
2009-12-03 00:34 . 2009-12-03 00:34 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Avira
2009-11-29 04:32 . 2009-11-29 04:32 -------- d-----w- c:\windows\system32\wbem\Repository
2009-11-29 04:31 . 2009-11-29 04:31 -------- d-----w- C:\$AVG8.VAULT$
2009-11-29 04:31 . 2009-11-29 04:31 -------- d-----w- c:\windows\system32\drivers\Avg(2)
2009-11-29 04:30 . 2009-11-29 04:30 -------- d-----w- c:\windows\SxsCaPendDel

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-18 22:10 . 2009-12-18 22:10 388096 ----a-r- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2009-12-17 06:55 . 2009-10-22 09:36 -------- d-----w- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\LimeWire
2009-12-16 07:57 . 2009-10-02 05:27 862040 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-12-16 07:57 . 2009-10-02 05:27 206944 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-12-16 07:57 . 2009-10-02 05:27 390288 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-12-16 07:57 . 2009-10-29 22:56 537576 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll
2009-12-16 07:57 . 2009-10-02 05:27 370744 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-12-16 07:57 . 2009-10-02 05:27 163728 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-12-16 07:57 . 2009-10-02 05:27 194104 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2009-12-16 07:57 . 2009-10-02 05:27 327000 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-12-16 07:56 . 2009-10-02 05:27 87496 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-12-16 07:56 . 2009-10-02 05:26 933120 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-12-16 07:56 . 2009-10-02 05:26 641632 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2009-12-16 07:56 . 2009-10-02 05:26 816272 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-12-16 07:56 . 2009-10-02 05:26 822904 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-12-16 07:56 . 2009-10-02 05:26 1638640 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-12-16 07:56 . 2009-10-02 05:26 788880 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-12-16 07:56 . 2009-10-02 05:26 1184912 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-12-03 01:37 . 2009-10-22 09:33 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-03 01:37 . 2007-09-13 01:23 -------- d-----w- c:\program files\Java
2009-12-03 01:37 . 2009-11-28 20:56 152576 ----a-w- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-03 01:34 . 2009-11-28 09:29 79488 ----a-w- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-29 21:54 . 2009-10-01 08:14 -------- d-----w- c:\program files\Paltalk Messenger
2009-11-03 11:43 . 2009-11-03 11:43 -------- d-----w- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\ImgBurn
2009-11-03 04:07 . 2009-11-03 04:07 -------- d-----w- c:\program files\Daniusoft
2009-10-29 22:56 . 2009-10-29 22:56 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-10-29 22:56 . 2009-10-29 22:56 93360 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
2009-10-29 22:56 . 2009-10-29 22:56 554280 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\sbap.dll
2009-10-29 22:56 . 2009-10-02 05:48 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-10-29 22:56 . 2009-10-02 05:27 15880 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-10-29 22:56 . 2009-10-29 22:56 212480 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\VipreBridge.dll
2009-10-29 22:56 . 2009-10-29 22:56 283944 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Vipre.dll
2009-10-29 22:56 . 2009-10-29 22:56 1223976 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\SBTE.dll
2009-10-29 22:56 . 2009-10-29 22:56 242984 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\SBRE.dll
2009-10-29 22:55 . 2009-10-02 05:27 5908024 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-10-29 22:51 . 2009-10-29 22:51 -------- dc-h--w- c:\documents and settings\All Users.WINDOWS\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-28 23:39 . 2009-10-28 23:26 1649 ----a-w- c:\windows\system32\nodes.txt.tmp
2009-10-22 01:24 . 2009-10-22 01:24 10134 ----a-r- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\Microsoft\Installer\{BEF726DD-4037-4214-8C6A-E625C02D2870}\ARPPRODUCTICON.exe
2009-10-22 01:23 . 2008-01-08 00:59 -------- d-----w- c:\program files\Common Files\LogiShrd
2009-10-22 01:23 . 2009-10-22 01:23 10134 ----a-r- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\Microsoft\Installer\{35725FBC-A136-4A46-9F29-091759D9BB93}\ARPPRODUCTICON.exe
2009-10-22 01:23 . 2009-10-22 01:23 10134 ----a-r- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\Microsoft\Installer\{EA516024-D84D-41F1-814F-83175A6188F2}\ARPPRODUCTICON.exe
2009-10-06 11:58 . 2009-10-06 10:25 696352 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-10-06 11:58 . 2009-10-06 10:25 5408 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-10-04 05:08 . 2009-10-04 05:08 1962544 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2009-10-03 08:15 . 2009-10-29 22:51 2924848 -c--a-w- c:\documents and settings\All Users.WINDOWS\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-10-02 05:27 . 2009-10-02 05:27 17632 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\WSCUpdate.dll
2009-10-02 05:27 . 2009-10-02 05:27 68640 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Drivers\64\lbd.sys
2009-10-02 05:27 . 2009-10-02 05:26 525792 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Drivers\64\DIFxAPI.dll
2009-10-02 05:26 . 2009-10-02 05:26 303976 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Drivers\64\AAWDriverTool.exe
2009-10-02 05:26 . 2009-10-02 05:26 640760 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-09-23 12:55 . 2009-10-02 02:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2008-01-09 08:43 . 2008-01-09 08:41 2293848 -c--a-w- c:\program files\FLV PlayerFCSetup.exe
2008-01-09 08:41 . 2008-01-09 08:38 3928264 -c--a-w- c:\program files\FLV PlayerRCATSetup.exe
2008-01-09 08:22 . 2008-01-09 08:22 411248 -c--a-w- c:\program files\FLV PlayerRCSetup.exe
2007-10-06 07:14 . 2007-10-06 07:14 52 -c--a-w- c:\program files\Save Windows and Programs (No Data or Documents).BDF
2007-10-06 07:14 . 2007-10-06 07:14 52 -c--a-w- c:\program files\Save Data and Documents Only.BDF
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-19 01:49 . 2009-12-19 01:49 16384 c:\windows\Temp\Perflib_Perfdata_5d0.dat
+ 2009-07-06 02:37 . 2009-12-19 00:47 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-07-06 02:37 . 2009-12-18 23:30 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-04 39408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="realsched.exe -osboot" [X]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-04 8523776]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-09 98304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-03 149280]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
PalTalk.lnk - c:\program files\Paltalk Messenger\paltalk.exe [2009-9-26 11550720]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"nwiz"=nwiz.exe /install
"StxTrayMenu"="c:\program files\Seagate\SystemTray\StxMenuMgr.exe"
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Paltalk Messenger\\paltalk.exe"=
"c:\\Documents and Settings\\shaun.SHAUN-E0EAD128A\\Desktop\\Unused Desktop Shortcuts\\Call of Duty\\Call of Duty MP.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56468:TCP"= 56468:TCP:Pando Media Booster
"56468:UDP"= 56468:UDP:Pando Media Booster

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10/2/2009 1:55 PM 64288]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/3/2009 11:34 AM 108289]
R2 Seagate Sync Service;Seagate Sync Service;c:\program files\Seagate\Sync\SeaSyncServices.exe [1/18/2007 3:20 PM 24120]
R3 wsvad_driver;WS Audio Device;c:\windows\system32\drivers\VirtualAudio.sys [11/3/2009 3:07 PM 16896]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 10:17 PM 1184912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-12-19 12:49
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2860)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-12-19 12:56:26 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-19 01:56
ComboFix2.txt 2009-12-19 00:49

Pre-Run: 37,675,393,024 bytes free
Post-Run: 37,640,593,408 bytes free

- - End Of File - - 8736FA11CAA5CD303A0392C885B7D7C5


Re: Security tool+No net access

Post by Belahzur on 19th December 2009, 2:06 am

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

How is the machine running now?



Re: Security tool+No net access

Post by humpee on 19th December 2009, 2:11 am

faster thanks....combo stated that avg was still lurking though


Re: Security tool+No net access

Post by humpee on 19th December 2009, 2:17 am

combofix uninstalled...but messaged that avg was still there


Re: Security tool+No net access

Post by Belahzur on 19th December 2009, 3:44 pm

Did you run the AVG uninstaller? :)



Re: Security tool+No net access

Post by humpee on 20th December 2009, 5:02 am

yep ..twice


Re: Security tool+No net access

Post by Belahzur on 20th December 2009, 2:34 pm

Please re-download Combofix.


  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    SecCenter::
    {17DDD097-36FF-435F-9E1B-52D74245D6BF}
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.



Re: Security tool+No net access

Post by humpee on 20th December 2009, 11:38 pm

done as directed.

ComboFix 09-12-18.03 - shaun 12/21/2009 10:26:12.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.133 [GMT 11:00]
Running from: c:\processexplorer\KittyFix.exe
Command switches used :: c:\processexplorer\CFScript.lnk
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Files Created from 2009-11-20 to 2009-12-20 )))))))))))))))))))))))))))))))
.

2009-12-18 23:14 . 2009-12-18 23:14 -------- d-----w- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\Malwarebytes
2009-12-18 23:14 . 2009-12-03 05:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-18 23:14 . 2009-12-03 05:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-18 23:07 . 2009-12-18 23:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-18 23:07 . 2009-12-18 23:07 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-12-18 22:10 . 2009-12-18 22:10 388096 ----a-r- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2009-12-18 22:10 . 2009-12-18 22:10 -------- d-----w- c:\program files\TrendMicro
2009-12-16 21:41 . 2009-12-16 21:41 -------- d-----w- C:\VJVod_Cache
2009-12-16 21:41 . 2009-12-16 21:41 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Application Data\nagasoft
2009-12-16 09:53 . 2009-12-16 09:53 -------- d-----w- C:\New Folder
2009-12-16 09:51 . 2009-12-20 23:26 -------- d-----w- C:\ProcessExplorer
2009-12-16 02:57 . 2009-12-16 02:57 -------- d-----w- c:\windows\system32\Nagasoft
2009-12-03 00:34 . 2009-12-09 06:01 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-03 00:34 . 2009-03-29 22:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-12-03 00:34 . 2009-02-13 00:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-12-03 00:34 . 2009-02-13 00:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-12-03 00:34 . 2009-12-03 00:34 -------- d-----w- c:\program files\Avira
2009-12-03 00:34 . 2009-12-03 00:34 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Avira
2009-11-29 04:32 . 2009-11-29 04:32 -------- d-----w- c:\windows\system32\wbem\Repository
2009-11-29 04:31 . 2009-11-29 04:31 -------- d-----w- C:\$AVG8.VAULT$
2009-11-29 04:30 . 2009-11-29 04:30 -------- d-----w- c:\windows\SxsCaPendDel
2009-11-28 20:56 . 2009-12-03 01:37 152576 ----a-w- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-28 09:29 . 2009-12-03 01:34 79488 ----a-w- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-17 06:55 . 2009-10-22 09:36 -------- d-----w- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\LimeWire
2009-12-16 07:57 . 2009-10-02 05:27 862040 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-12-16 07:57 . 2009-10-02 05:27 206944 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-12-16 07:57 . 2009-10-02 05:27 390288 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-12-16 07:57 . 2009-10-29 22:56 537576 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll
2009-12-16 07:57 . 2009-10-02 05:27 370744 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-12-16 07:57 . 2009-10-02 05:27 163728 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-12-16 07:57 . 2009-10-02 05:27 194104 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2009-12-16 07:57 . 2009-10-02 05:27 327000 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-12-16 07:56 . 2009-10-02 05:27 87496 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-12-16 07:56 . 2009-10-02 05:26 933120 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-12-16 07:56 . 2009-10-02 05:26 641632 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2009-12-16 07:56 . 2009-10-02 05:26 816272 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-12-16 07:56 . 2009-10-02 05:26 822904 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-12-16 07:56 . 2009-10-02 05:26 1638640 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-12-16 07:56 . 2009-10-02 05:26 788880 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-12-16 07:56 . 2009-10-02 05:26 1184912 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-12-03 01:37 . 2009-10-22 09:33 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-03 01:37 . 2007-09-13 01:23 -------- d-----w- c:\program files\Java
2009-11-29 21:54 . 2009-10-01 08:14 -------- d-----w- c:\program files\Paltalk Messenger
2009-11-03 11:43 . 2009-11-03 11:43 -------- d-----w- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\ImgBurn
2009-11-03 04:07 . 2009-11-03 04:07 -------- d-----w- c:\program files\Daniusoft
2009-10-29 22:56 . 2009-10-29 22:56 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-10-29 22:56 . 2009-10-29 22:56 93360 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
2009-10-29 22:56 . 2009-10-29 22:56 554280 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\sbap.dll
2009-10-29 22:56 . 2009-10-02 05:48 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-10-29 22:56 . 2009-10-02 05:27 15880 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-10-29 22:56 . 2009-10-29 22:56 212480 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\VipreBridge.dll
2009-10-29 22:56 . 2009-10-29 22:56 283944 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Vipre.dll
2009-10-29 22:56 . 2009-10-29 22:56 1223976 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\SBTE.dll
2009-10-29 22:56 . 2009-10-29 22:56 242984 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\SBRE.dll
2009-10-29 22:55 . 2009-10-02 05:27 5908024 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-10-29 22:51 . 2009-10-29 22:51 -------- dc-h--w- c:\documents and settings\All Users.WINDOWS\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-28 23:39 . 2009-10-28 23:26 1649 ----a-w- c:\windows\system32\nodes.txt.tmp
2009-10-22 01:24 . 2009-10-22 01:24 10134 ----a-r- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\Microsoft\Installer\{BEF726DD-4037-4214-8C6A-E625C02D2870}\ARPPRODUCTICON.exe
2009-10-22 01:23 . 2008-01-08 00:59 -------- d-----w- c:\program files\Common Files\LogiShrd
2009-10-22 01:23 . 2009-10-22 01:23 10134 ----a-r- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\Microsoft\Installer\{35725FBC-A136-4A46-9F29-091759D9BB93}\ARPPRODUCTICON.exe
2009-10-22 01:23 . 2009-10-22 01:23 10134 ----a-r- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\Microsoft\Installer\{EA516024-D84D-41F1-814F-83175A6188F2}\ARPPRODUCTICON.exe
2009-10-06 11:58 . 2009-10-06 10:25 696352 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-10-06 11:58 . 2009-10-06 10:25 5408 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-10-04 05:08 . 2009-10-04 05:08 1962544 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2009-10-03 08:15 . 2009-10-29 22:51 2924848 -c--a-w- c:\documents and settings\All Users.WINDOWS\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-10-02 05:27 . 2009-10-02 05:27 17632 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\WSCUpdate.dll
2009-10-02 05:27 . 2009-10-02 05:27 68640 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Drivers\64\lbd.sys
2009-10-02 05:27 . 2009-10-02 05:26 525792 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Drivers\64\DIFxAPI.dll
2009-10-02 05:26 . 2009-10-02 05:26 303976 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Drivers\64\AAWDriverTool.exe
2009-10-02 05:26 . 2009-10-02 05:26 640760 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-09-23 12:55 . 2009-10-02 02:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2008-01-09 08:43 . 2008-01-09 08:41 2293848 -c--a-w- c:\program files\FLV PlayerFCSetup.exe
2008-01-09 08:41 . 2008-01-09 08:38 3928264 -c--a-w- c:\program files\FLV PlayerRCATSetup.exe
2008-01-09 08:22 . 2008-01-09 08:22 411248 -c--a-w- c:\program files\FLV PlayerRCSetup.exe
2007-10-06 07:14 . 2007-10-06 07:14 52 -c--a-w- c:\program files\Save Windows and Programs (No Data or Documents).BDF
2007-10-06 07:14 . 2007-10-06 07:14 52 -c--a-w- c:\program files\Save Data and Documents Only.BDF
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-04 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="realsched.exe -osboot" [X]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-04 8523776]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-09 98304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-03 149280]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
PalTalk.lnk - c:\program files\Paltalk Messenger\paltalk.exe [2009-9-26 11550720]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"nwiz"=nwiz.exe /install
"StxTrayMenu"="c:\program files\Seagate\SystemTray\StxMenuMgr.exe"
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Paltalk Messenger\\paltalk.exe"=
"c:\\Documents and Settings\\shaun.SHAUN-E0EAD128A\\Desktop\\Unused Desktop Shortcuts\\Call of Duty\\Call of Duty MP.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56468:TCP"= 56468:TCP:Pando Media Booster
"56468:UDP"= 56468:UDP:Pando Media Booster

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10/2/2009 1:55 PM 64288]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/3/2009 11:34 AM 108289]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 10:17 PM 1184912]
R2 Seagate Sync Service;Seagate Sync Service;c:\program files\Seagate\Sync\SeaSyncServices.exe [1/18/2007 3:20 PM 24120]
R3 wsvad_driver;WS Audio Device;c:\windows\system32\drivers\VirtualAudio.sys [11/3/2009 3:07 PM 16896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3240)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2009-12-21 10:34:54
ComboFix-quarantined-files.txt 2009-12-20 23:34
ComboFix2.txt 2009-12-19 01:56

Pre-Run: 39,259,381,760 bytes free
Post-Run: 39,228,141,568 bytes free

- - End Of File - - 4534F87C5CBB17143CDAC170E554CACF


Re: Security tool+No net access

Post by Belahzur on 21st December 2009, 12:05 am

Hello.
That didn't work because you didn't save the file right.

c:\processexplorer\CFScript.lnk

You need to save it as a text file (.txt)



Re: Security tool+No net access

Post by humpee on 21st December 2009, 12:54 am

saved as text.....combofix goes into reduced functionality mode and vanishes...


Re: Security tool+No net access

Post by Belahzur on 21st December 2009, 12:57 am

Delete the copy you have and download it again, then it works.



Re: Security tool+No net access

Post by humpee on 21st December 2009, 1:34 am

ComboFix 09-12-20.03 - shaun 12/21/2009 12:22:20.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.153 [GMT 11:00]
Running from: c:\processexplorer\KittyFix.exe
Command switches used :: c:\processexplorer\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((( Files Created from 2009-11-21 to 2009-12-21 )))))))))))))))))))))))))))))))
.

2009-12-18 23:14 . 2009-12-18 23:14 -------- d-----w- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\Malwarebytes
2009-12-18 23:14 . 2009-12-03 05:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-18 23:14 . 2009-12-03 05:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-18 23:07 . 2009-12-18 23:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-18 23:07 . 2009-12-18 23:07 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-12-18 22:10 . 2009-12-18 22:10 388096 ----a-r- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2009-12-18 22:10 . 2009-12-18 22:10 -------- d-----w- c:\program files\TrendMicro
2009-12-16 21:41 . 2009-12-16 21:41 -------- d-----w- C:\VJVod_Cache
2009-12-16 21:41 . 2009-12-16 21:41 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Application Data\nagasoft
2009-12-16 09:53 . 2009-12-16 09:53 -------- d-----w- C:\New Folder
2009-12-16 09:51 . 2009-12-21 01:22 -------- d-----w- C:\ProcessExplorer
2009-12-16 02:57 . 2009-12-16 02:57 -------- d-----w- c:\windows\system32\Nagasoft
2009-12-03 00:34 . 2009-12-09 06:01 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-03 00:34 . 2009-03-29 22:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-12-03 00:34 . 2009-02-13 00:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-12-03 00:34 . 2009-02-13 00:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-12-03 00:34 . 2009-12-03 00:34 -------- d-----w- c:\program files\Avira
2009-12-03 00:34 . 2009-12-03 00:34 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Avira
2009-11-29 04:32 . 2009-11-29 04:32 -------- d-----w- c:\windows\system32\wbem\Repository
2009-11-29 04:31 . 2009-11-29 04:31 -------- d-----w- C:\$AVG8.VAULT$
2009-11-29 04:30 . 2009-11-29 04:30 -------- d-----w- c:\windows\SxsCaPendDel
2009-11-28 20:56 . 2009-12-03 01:37 152576 ----a-w- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-28 09:29 . 2009-12-03 01:34 79488 ----a-w- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-17 06:55 . 2009-10-22 09:36 -------- d-----w- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\LimeWire
2009-12-16 07:57 . 2009-10-02 05:27 862040 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-12-16 07:57 . 2009-10-02 05:27 206944 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-12-16 07:57 . 2009-10-02 05:27 390288 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-12-16 07:57 . 2009-10-29 22:56 537576 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll
2009-12-16 07:57 . 2009-10-02 05:27 370744 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-12-16 07:57 . 2009-10-02 05:27 163728 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-12-16 07:57 . 2009-10-02 05:27 194104 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2009-12-16 07:57 . 2009-10-02 05:27 327000 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-12-16 07:56 . 2009-10-02 05:27 87496 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-12-16 07:56 . 2009-10-02 05:26 933120 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-12-16 07:56 . 2009-10-02 05:26 641632 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2009-12-16 07:56 . 2009-10-02 05:26 816272 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-12-16 07:56 . 2009-10-02 05:26 822904 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-12-16 07:56 . 2009-10-02 05:26 1638640 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-12-16 07:56 . 2009-10-02 05:26 788880 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-12-16 07:56 . 2009-10-02 05:26 1184912 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-12-03 01:37 . 2009-10-22 09:33 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-03 01:37 . 2007-09-13 01:23 -------- d-----w- c:\program files\Java
2009-11-29 21:54 . 2009-10-01 08:14 -------- d-----w- c:\program files\Paltalk Messenger
2009-11-03 11:43 . 2009-11-03 11:43 -------- d-----w- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\ImgBurn
2009-11-03 04:07 . 2009-11-03 04:07 -------- d-----w- c:\program files\Daniusoft
2009-10-29 22:56 . 2009-10-29 22:56 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-10-29 22:56 . 2009-10-29 22:56 93360 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
2009-10-29 22:56 . 2009-10-29 22:56 554280 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\sbap.dll
2009-10-29 22:56 . 2009-10-02 05:48 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-10-29 22:56 . 2009-10-02 05:27 15880 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-10-29 22:56 . 2009-10-29 22:56 212480 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\VipreBridge.dll
2009-10-29 22:56 . 2009-10-29 22:56 283944 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Vipre.dll
2009-10-29 22:56 . 2009-10-29 22:56 1223976 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\SBTE.dll
2009-10-29 22:56 . 2009-10-29 22:56 242984 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\SBRE.dll
2009-10-29 22:55 . 2009-10-02 05:27 5908024 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-10-29 22:51 . 2009-10-29 22:51 -------- dc-h--w- c:\documents and settings\All Users.WINDOWS\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-28 23:39 . 2009-10-28 23:26 1649 ----a-w- c:\windows\system32\nodes.txt.tmp
2009-10-22 01:24 . 2009-10-22 01:24 10134 ----a-r- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\Microsoft\Installer\{BEF726DD-4037-4214-8C6A-E625C02D2870}\ARPPRODUCTICON.exe
2009-10-22 01:23 . 2009-10-22 01:23 10134 ----a-r- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\Microsoft\Installer\{35725FBC-A136-4A46-9F29-091759D9BB93}\ARPPRODUCTICON.exe
2009-10-22 01:23 . 2009-10-22 01:23 10134 ----a-r- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\Microsoft\Installer\{EA516024-D84D-41F1-814F-83175A6188F2}\ARPPRODUCTICON.exe
2009-10-06 11:58 . 2009-10-06 10:25 696352 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-10-06 11:58 . 2009-10-06 10:25 5408 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-10-04 05:08 . 2009-10-04 05:08 1962544 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2009-10-03 08:15 . 2009-10-29 22:51 2924848 -c--a-w- c:\documents and settings\All Users.WINDOWS\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-10-02 05:27 . 2009-10-02 05:27 17632 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\WSCUpdate.dll
2009-10-02 05:27 . 2009-10-02 05:27 68640 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Drivers\64\lbd.sys
2009-10-02 05:27 . 2009-10-02 05:26 525792 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Drivers\64\DIFxAPI.dll
2009-10-02 05:26 . 2009-10-02 05:26 303976 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Drivers\64\AAWDriverTool.exe
2009-10-02 05:26 . 2009-10-02 05:26 640760 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-09-23 12:55 . 2009-10-02 02:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2008-01-09 08:43 . 2008-01-09 08:41 2293848 -c--a-w- c:\program files\FLV PlayerFCSetup.exe
2008-01-09 08:41 . 2008-01-09 08:38 3928264 -c--a-w- c:\program files\FLV PlayerRCATSetup.exe
2008-01-09 08:22 . 2008-01-09 08:22 411248 -c--a-w- c:\program files\FLV PlayerRCSetup.exe
2007-10-06 07:14 . 2007-10-06 07:14 52 -c--a-w- c:\program files\Save Windows and Programs (No Data or Documents).BDF
2007-10-06 07:14 . 2007-10-06 07:14 52 -c--a-w- c:\program files\Save Data and Documents Only.BDF
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-04 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="realsched.exe -osboot" [X]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-04 8523776]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-09 98304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-03 149280]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
PalTalk.lnk - c:\program files\Paltalk Messenger\paltalk.exe [2009-9-26 11550720]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"nwiz"=nwiz.exe /install
"StxTrayMenu"="c:\program files\Seagate\SystemTray\StxMenuMgr.exe"
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Paltalk Messenger\\paltalk.exe"=
"c:\\Documents and Settings\\shaun.SHAUN-E0EAD128A\\Desktop\\Unused Desktop Shortcuts\\Call of Duty\\Call of Duty MP.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56468:TCP"= 56468:TCP:Pando Media Booster
"56468:UDP"= 56468:UDP:Pando Media Booster

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10/2/2009 1:55 PM 64288]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/3/2009 11:34 AM 108289]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 10:17 PM 1184912]
R2 Seagate Sync Service;Seagate Sync Service;c:\program files\Seagate\Sync\SeaSyncServices.exe [1/18/2007 3:20 PM 24120]
R3 wsvad_driver;WS Audio Device;c:\windows\system32\drivers\VirtualAudio.sys [11/3/2009 3:07 PM 16896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-12-21 12:28
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2808)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2009-12-21 12:30:53
ComboFix-quarantined-files.txt 2009-12-21 01:30

Pre-Run: 39,225,159,680 bytes free
Post-Run: 39,213,617,152 bytes free

- - End Of File - - 5AE89D108E68757DABFC0C2D906FEDDE


Re: Security tool+No net access

Post by Belahzur on 21st December 2009, 7:02 pm

There, no more AVG.


Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

How is the machine running now?



Re: Security tool+No net access

Post by humpee on 21st December 2009, 10:35 pm

Thanks, Belahzur... no one could ever accuse you of giving up easily. You have done me a huge service, which would otherwise have meant a trip to the computer shop... and a lot of cost, probably. The machine seems to be running quite well now... for an antique. Thanks again. Thank you!
