Security tool+No net access


Re: Security tool+No net access

Post by humpee on 19th December 2009, 12:19 am

rename to combo-fix?

humpee
Novice
Novice

Posts Posts : 36
Joined Joined : 2009-12-16
Gender Gender : Male
OS OS : windows xp
Points Points : 25846
# Likes # Likes : 0


Re: Security tool+No net access

Post by Belahzur on 19th December 2009, 12:20 am

No, it's already renamed. Sorry, I took your last post as a question why it's called KittyFix when my post says Combofix. LMBO or ROFL


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1


Re: Security tool+No net access

Post by humpee on 19th December 2009, 12:59 am

ComboFix 09-12-18.01 - shaun 12/19/2009 11:35:22.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.106 [GMT 11:00]
Running from: c:\processexplorer\KittyFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
c:\documents and settings\Shaun\Favorites\Download programs.url
c:\documents and settings\Shaun\Favorites\Games.url
c:\documents and settings\Shaun\Favorites\Translator.url
c:\documents and settings\Shaun\Favorites\Videos.url
c:\recycler\S-1-5-21-527237240-1801674531-725345543-1003
C:\SETUP.BAT
C:\Thumbs.db
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\_000008_.tmp.dll
c:\windows\system32\_000009_.tmp.dll
c:\windows\system32\_000019_.tmp.dll
c:\windows\system32\_000020_.tmp.dll
c:\windows\system32\_000021_.tmp.dll
c:\windows\system32\_000022_.tmp.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_AVPsys


((((((((((((((((((((((((( Files Created from 2009-11-19 to 2009-12-19 )))))))))))))))))))))))))))))))
.

2009-12-18 23:14 . 2009-12-18 23:14 -------- d-----w- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\Malwarebytes
2009-12-18 23:14 . 2009-12-03 05:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-18 23:14 . 2009-12-03 05:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-18 23:07 . 2009-12-18 23:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-18 23:07 . 2009-12-18 23:07 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-12-18 22:10 . 2009-12-18 22:10 388096 ----a-r- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2009-12-18 22:10 . 2009-12-18 22:10 -------- d-----w- c:\program files\TrendMicro
2009-12-16 21:41 . 2009-12-16 21:41 -------- d-----w- C:\VJVod_Cache
2009-12-16 21:41 . 2009-12-16 21:41 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Application Data\nagasoft
2009-12-16 09:53 . 2009-12-16 09:53 -------- d-----w- C:\New Folder
2009-12-16 09:51 . 2009-12-19 00:26 -------- d-----w- C:\ProcessExplorer
2009-12-16 02:57 . 2009-12-16 02:57 -------- d-----w- c:\windows\system32\Nagasoft
2009-12-03 00:34 . 2009-12-09 06:01 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-03 00:34 . 2009-03-29 22:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-12-03 00:34 . 2009-02-13 00:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-12-03 00:34 . 2009-02-13 00:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-12-03 00:34 . 2009-12-03 00:34 -------- d-----w- c:\program files\Avira
2009-12-03 00:34 . 2009-12-03 00:34 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Avira
2009-11-29 04:32 . 2009-11-29 04:32 -------- d-----w- c:\windows\system32\wbem\Repository
2009-11-29 04:31 . 2009-11-29 04:31 -------- d-----w- C:\$AVG8.VAULT$
2009-11-29 04:31 . 2009-11-29 04:31 -------- d-----w- c:\windows\system32\drivers\Avg(2)
2009-11-29 04:30 . 2009-11-29 04:30 -------- d-----w- c:\windows\SxsCaPendDel
2009-11-28 20:56 . 2009-12-03 01:37 152576 ----a-w- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-28 09:29 . 2009-12-03 01:34 79488 ----a-w- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-19 01:24 . 2009-11-19 01:24 -------- d-sh--w- c:\documents and settings\LocalService.NT AUTHORITY\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-17 06:55 . 2009-10-22 09:36 -------- d-----w- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\LimeWire
2009-12-16 07:57 . 2009-10-02 05:27 862040 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-12-16 07:57 . 2009-10-02 05:27 206944 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-12-16 07:57 . 2009-10-02 05:27 390288 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-12-16 07:57 . 2009-10-29 22:56 537576 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll
2009-12-16 07:57 . 2009-10-02 05:27 370744 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-12-16 07:57 . 2009-10-02 05:27 163728 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-12-16 07:57 . 2009-10-02 05:27 194104 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2009-12-16 07:57 . 2009-10-02 05:27 327000 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-12-16 07:56 . 2009-10-02 05:27 87496 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-12-16 07:56 . 2009-10-02 05:26 933120 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-12-16 07:56 . 2009-10-02 05:26 641632 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2009-12-16 07:56 . 2009-10-02 05:26 816272 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-12-16 07:56 . 2009-10-02 05:26 822904 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-12-16 07:56 . 2009-10-02 05:26 1638640 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-12-16 07:56 . 2009-10-02 05:26 788880 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-12-16 07:56 . 2009-10-02 05:26 1184912 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-12-03 01:37 . 2009-10-22 09:33 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-03 01:37 . 2007-09-13 01:23 -------- d-----w- c:\program files\Java
2009-11-29 21:54 . 2009-10-01 08:14 -------- d-----w- c:\program files\Paltalk Messenger
2009-11-03 11:43 . 2009-11-03 11:43 -------- d-----w- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\ImgBurn
2009-11-03 04:07 . 2009-11-03 04:07 -------- d-----w- c:\program files\Daniusoft
2009-10-29 22:56 . 2009-10-29 22:56 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-10-29 22:56 . 2009-10-29 22:56 93360 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
2009-10-29 22:56 . 2009-10-29 22:56 554280 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\sbap.dll
2009-10-29 22:56 . 2009-10-02 05:48 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-10-29 22:56 . 2009-10-02 05:27 15880 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-10-29 22:56 . 2009-10-29 22:56 212480 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\VipreBridge.dll
2009-10-29 22:56 . 2009-10-29 22:56 283944 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Vipre.dll
2009-10-29 22:56 . 2009-10-29 22:56 1223976 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\SBTE.dll
2009-10-29 22:56 . 2009-10-29 22:56 242984 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\SBRE.dll
2009-10-29 22:55 . 2009-10-02 05:27 5908024 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-10-29 22:51 . 2009-10-29 22:51 -------- dc-h--w- c:\documents and settings\All Users.WINDOWS\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-28 23:39 . 2009-10-28 23:26 1649 ----a-w- c:\windows\system32\nodes.txt.tmp
2009-10-22 01:24 . 2009-10-22 01:24 10134 ----a-r- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\Microsoft\Installer\{BEF726DD-4037-4214-8C6A-E625C02D2870}\ARPPRODUCTICON.exe
2009-10-22 01:23 . 2008-01-08 00:59 -------- d-----w- c:\program files\Common Files\LogiShrd
2009-10-22 01:23 . 2009-10-22 01:23 10134 ----a-r- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\Microsoft\Installer\{35725FBC-A136-4A46-9F29-091759D9BB93}\ARPPRODUCTICON.exe
2009-10-22 01:23 . 2009-10-22 01:23 10134 ----a-r- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\Microsoft\Installer\{EA516024-D84D-41F1-814F-83175A6188F2}\ARPPRODUCTICON.exe
2009-10-06 11:58 . 2009-10-06 10:25 696352 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-10-06 11:58 . 2009-10-06 10:25 5408 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-10-04 05:08 . 2009-10-04 05:08 1962544 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2009-10-03 08:15 . 2009-10-29 22:51 2924848 -c--a-w- c:\documents and settings\All Users.WINDOWS\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-10-02 05:27 . 2009-10-02 05:27 17632 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\WSCUpdate.dll
2009-10-02 05:27 . 2009-10-02 05:27 68640 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Drivers\64\lbd.sys
2009-10-02 05:27 . 2009-10-02 05:26 525792 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Drivers\64\DIFxAPI.dll
2009-10-02 05:26 . 2009-10-02 05:26 303976 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Drivers\64\AAWDriverTool.exe
2009-10-02 05:26 . 2009-10-02 05:26 640760 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-09-23 12:55 . 2009-10-02 02:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2008-01-09 08:43 . 2008-01-09 08:41 2293848 -c--a-w- c:\program files\FLV PlayerFCSetup.exe
2008-01-09 08:41 . 2008-01-09 08:38 3928264 -c--a-w- c:\program files\FLV PlayerRCATSetup.exe
2008-01-09 08:22 . 2008-01-09 08:22 411248 -c--a-w- c:\program files\FLV PlayerRCSetup.exe
2007-10-06 07:14 . 2007-10-06 07:14 52 -c--a-w- c:\program files\Save Windows and Programs (No Data or Documents).BDF
2007-10-06 07:14 . 2007-10-06 07:14 52 -c--a-w- c:\program files\Save Data and Documents Only.BDF
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-04 39408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="realsched.exe -osboot" [X]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-04 8523776]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-09 98304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-03 149280]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
PalTalk.lnk - c:\program files\Paltalk Messenger\paltalk.exe [2009-9-26 11550720]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"nwiz"=nwiz.exe /install
"StxTrayMenu"="c:\program files\Seagate\SystemTray\StxMenuMgr.exe"
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Paltalk Messenger\\paltalk.exe"=
"c:\\Documents and Settings\\shaun.SHAUN-E0EAD128A\\Desktop\\Unused Desktop Shortcuts\\Call of Duty\\Call of Duty MP.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56468:TCP"= 56468:TCP:Pando Media Booster
"56468:UDP"= 56468:UDP:Pando Media Booster

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10/2/2009 1:55 PM 64288]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/3/2009 11:34 AM 108289]
R2 Seagate Sync Service;Seagate Sync Service;c:\program files\Seagate\Sync\SeaSyncServices.exe [1/18/2007 3:20 PM 24120]
R3 wsvad_driver;WS Audio Device;c:\windows\system32\drivers\VirtualAudio.sys [11/3/2009 3:07 PM 16896]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 10:17 PM 1184912]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\DRIVERS\avgfwdx.sys --> c:\windows\system32\DRIVERS\avgfwdx.sys [?]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwdx.sys --> c:\windows\system32\DRIVERS\avgfwdx.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Notify-avgrsstarter - avgrsstx.dll
AddRemove-PerformanceAdSystem - c:\program files\YouWontFindBetterDeals\uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-12-19 11:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1417001333-1897051121-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A5EC7AA0-DCBE-817A-0FB6-D050177AC852}*]
"hamhmcogmphechon"=hex:6a,61,62,69,64,67,6b,6c,6e,69,62,63,6c,70,65,66,66,69,
66,64,00,00
"iaokgcmnliddnfcdli"=hex:6a,61,62,69,64,67,6b,6c,6e,69,62,63,6c,70,65,66,66,69,
66,64,00,00
"hakkmakkoelaneba"=hex:6b,61,62,6c,6d,63,65,6e,6d,61,62,62,6c,61,63,6c,61,6d,
63,6a,67,66,00,00
"hakkmakkbfagbgee"=hex:70,62,62,6b,6e,6f,6b,6f,64,6d,64,6d,6f,6c,68,6d,67,62,
6c,6c,6d,68,6b,6e,6e,61,65,6e,6f,6c,62,70,70,66,66,63,62,6c,61,69,68,6e,63,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3100)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-12-19 11:49:15 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-19 00:49

Pre-Run: 37,706,444,800 bytes free
Post-Run: 37,666,697,216 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /usepmtimer /noexecute=optin

- - End Of File - - A227CF7C9B2A5A58503C7DD5A33853B5


Re: Security tool+No net access

Post by Belahzur on 19th December 2009, 1:11 am

Okay, good work. Before we remove the leftovers, is AVG still installed on this machine or did it corrupt itself on you?

Combofix says AVG is active, yet I only see some leftover dead drivers and no run values.

Completely Uninstall AVG software

Download and run avgremover.exe

For 32-Bit, Download: [You must be registered and logged in to see this link.]





Re: Security tool+No net access

Post by humpee on 19th December 2009, 1:13 am

Corrupted... tried to get rid of it but...


Re: Security tool+No net access

Post by Belahzur on 19th December 2009, 1:17 am

Thought so, AVG did the same to me. Run the uninstaller I posted above, then we'll take out those leftovers. Once you have run the uninstall:


  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    Driver::
    Avgfwdx
    Avgfwfd

    RegNull::
    [HKEY_USERS\S-1-5-21-1417001333-1897051121-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A5EC7AA0-DCBE-817A-0FB6-D050177AC852}*]
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


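Added example, not part of this thread and not ComboFix's own code: a small Python triage script that reads the kind of lines posted in the log above and does by script what the helper did by eye. It picks out the S3 Avgfwdx/Avgfwfd service lines whose driver file ComboFix could not find ("--> ... [?]"), decodes the REGEDIT4 hex: values under LOCKED REGISTRY KEYS into text (handling values that wrap onto a second line and the one the log cut off mid-value), and then assembles the Driver:: and RegNull:: sections in the form the CFScript above uses. The sample log is a constructed excerpt copied in shape from the post; the regexes, the looks_generated() letter-range heuristic and the assumption that only those two CFScript directives are needed are this example's own, not ComboFix documentation.

```python
"""Added example (not from the thread or from ComboFix): triage a ComboFix log excerpt.

Pulls out service lines whose driver file is missing, decodes REGEDIT4 hex: values
under LOCKED REGISTRY KEYS (including wrapped and cut-off values), and assembles the
Driver:: / RegNull:: CFScript sections in the form the thread uses. The regexes and
the looks_generated() heuristic are this example's own assumptions about the format.
"""
import re

# Constructed sample: a few lines copied in shape from the log posted above.
SAMPLE_LOG = r"""
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10/2/2009 1:55 PM 64288]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\DRIVERS\avgfwdx.sys --> c:\windows\system32\DRIVERS\avgfwdx.sys [?]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwdx.sys --> c:\windows\system32\DRIVERS\avgfwdx.sys [?]
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1417001333-1897051121-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A5EC7AA0-DCBE-817A-0FB6-D050177AC852}*]
"hamhmcogmphechon"=hex:6a,61,62,69,64,67,6b,6c,6e,69,62,63,6c,70,65,66,66,69,
66,64,00,00
"hakkmakkoelaneba"=hex:6b,61,62,6c,6d,63,65,6e,6d,61,62,62,6c,61,63,6c,61,6d,
63,6a,67,66,00,00
"hakkmakkbfagbgee"=hex:70,62,62,6b,6e,6f,6b,6f,64,6d,64,6d,6f,6c,68,6d,67,62,
6c,6c,6d,68,6b,6e,6e,61,65,6e,6f,6c,62,70,70,66,66,63,62,6c,61,69,68,6e,63,\
.
"""

SERVICE_RE = re.compile(r'^[RS]\d (?P<name>[^;]+);[^;]*;(?P<rest>.*)$')
KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
HEX_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=hex:(?P<data>.*)$')


def _join_continuations(lines):
    """REGEDIT4 wraps long hex: values; a line ending in ',' or a backslash continues."""
    out, buf = [], None
    for raw in lines:
        line = raw.strip()
        if buf is None:
            if HEX_VALUE_RE.match(line) and line.endswith((",", "\\")):
                buf = line
            else:
                out.append(line)
            continue
        buf = buf.rstrip("\\") + line
        if not line.endswith((",", "\\")):
            out.append(buf)
            buf = None
    if buf is not None:
        out.append(buf)
    return out


def decode_hex_values(log_text):
    """Return (key, value_name, decoded_text, truncated) for each hex: value.
    Decoding stops at the first non-hex token, which is how a value the log
    cut off mid-way (the third one above) shows up; truncated is then True."""
    results, key = [], None
    for line in _join_continuations(log_text.splitlines()):
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = HEX_VALUE_RE.match(line)
        if not m:
            continue
        raw, truncated = bytearray(), False
        for tok in m.group("data").split(","):
            tok = tok.strip()
            if re.fullmatch(r"[0-9a-fA-F]{2}", tok):
                raw.append(int(tok, 16))
            elif tok:
                truncated = True
                break
        text = bytes(raw).rstrip(b"\x00").decode("latin-1")
        results.append((key, m.group("name"), text, truncated))
    return results


def looks_generated(token):
    """Heuristic (this example's own): 12+ letters, all inside a..p. Every value
    name and decoded value in the locked key above fits; 16 letters is exactly
    one nibble's worth, and human-chosen names rarely stay inside that range."""
    return len(token) >= 12 and re.fullmatch(r"[a-p]+", token) is not None


def services_with_missing_file(log_text):
    """Names from 'S3 name;display;path --> path [?]' lines: ComboFix could not
    find the binary, so the entry is a dead registration (the AVG leftovers)."""
    names = []
    for line in log_text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m and m.group("rest").rstrip().endswith("[?]"):
            names.append(m.group("name"))
    return names


def build_cfscript(log_text):
    """Driver:: for the dead services, RegNull:: for every key that held hex:
    values. Only the two directives the thread itself uses are assumed."""
    drivers = services_with_missing_file(log_text)
    keys = sorted({k for k, _, _, _ in decode_hex_values(log_text) if k})
    sections = []
    if drivers:
        sections.append("Driver::\n" + "\n".join(drivers))
    if keys:
        sections.append("RegNull::\n" + "\n".join(f"[{k}]" for k in keys))
    return "\n\n".join(sections) + "\n"


if __name__ == "__main__":
    for key, name, text, cut in decode_hex_values(SAMPLE_LOG):
        flag = "generated-looking" if looks_generated(name) and looks_generated(text) else ""
        print(f"{name} -> {text}{' (truncated in log)' if cut else ''} {flag}")
    print(build_cfscript(SAMPLE_LOG))
```

Run it directly and the locked-key values decode to strings such as jabidgklnibclpeffifd: random-looking lowercase that, like the value names themselves, never leaves the letters a..p, which is what the heuristic keys on. The script it prints is the same Driver::/RegNull:: text the helper asked for above, built from the log rather than typed by hand.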

Re: Security tool+No net access

Post by humpee on 19th December 2009, 1:59 am

ComboFix 09-12-18.01 - shaun 12/19/2009 12:41:42.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.249 [GMT 11:00]
Running from: c:\processexplorer\KittyFix.exe
Command switches used :: c:\documents and settings\shaun.SHAUN-E0EAD128A\My Documents\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Avgfwdx
-------\Service_Avgfwfd


((((((((((((((((((((((((( Files Created from 2009-11-19 to 2009-12-19 )))))))))))))))))))))))))))))))
.

2009-12-18 23:14 . 2009-12-18 23:14 -------- d-----w- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\Malwarebytes
2009-12-18 23:14 . 2009-12-03 05:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-18 23:14 . 2009-12-03 05:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-18 23:07 . 2009-12-18 23:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-18 23:07 . 2009-12-18 23:07 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-12-18 22:10 . 2009-12-18 22:10 -------- d-----w- c:\program files\TrendMicro
2009-12-16 21:41 . 2009-12-16 21:41 -------- d-----w- C:\VJVod_Cache
2009-12-16 21:41 . 2009-12-16 21:41 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Application Data\nagasoft
2009-12-16 09:53 . 2009-12-16 09:53 -------- d-----w- C:\New Folder
2009-12-16 09:51 . 2009-12-19 01:33 -------- d-----w- C:\ProcessExplorer
2009-12-16 02:57 . 2009-12-16 02:57 -------- d-----w- c:\windows\system32\Nagasoft
2009-12-03 00:34 . 2009-12-09 06:01 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-03 00:34 . 2009-03-29 22:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-12-03 00:34 . 2009-02-13 00:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-12-03 00:34 . 2009-02-13 00:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-12-03 00:34 . 2009-12-03 00:34 -------- d-----w- c:\program files\Avira
2009-12-03 00:34 . 2009-12-03 00:34 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Avira
2009-11-29 04:32 . 2009-11-29 04:32 -------- d-----w- c:\windows\system32\wbem\Repository
2009-11-29 04:31 . 2009-11-29 04:31 -------- d-----w- C:\$AVG8.VAULT$
2009-11-29 04:31 . 2009-11-29 04:31 -------- d-----w- c:\windows\system32\drivers\Avg(2)
2009-11-29 04:30 . 2009-11-29 04:30 -------- d-----w- c:\windows\SxsCaPendDel

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-18 22:10 . 2009-12-18 22:10 388096 ----a-r- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2009-12-17 06:55 . 2009-10-22 09:36 -------- d-----w- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\LimeWire
2009-12-16 07:57 . 2009-10-02 05:27 862040 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-12-16 07:57 . 2009-10-02 05:27 206944 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-12-16 07:57 . 2009-10-02 05:27 390288 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-12-16 07:57 . 2009-10-29 22:56 537576 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll
2009-12-16 07:57 . 2009-10-02 05:27 370744 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-12-16 07:57 . 2009-10-02 05:27 163728 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-12-16 07:57 . 2009-10-02 05:27 194104 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2009-12-16 07:57 . 2009-10-02 05:27 327000 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-12-16 07:56 . 2009-10-02 05:27 87496 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-12-16 07:56 . 2009-10-02 05:26 933120 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-12-16 07:56 . 2009-10-02 05:26 641632 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2009-12-16 07:56 . 2009-10-02 05:26 816272 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-12-16 07:56 . 2009-10-02 05:26 822904 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-12-16 07:56 . 2009-10-02 05:26 1638640 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-12-16 07:56 . 2009-10-02 05:26 788880 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-12-16 07:56 . 2009-10-02 05:26 1184912 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-12-03 01:37 . 2009-10-22 09:33 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-03 01:37 . 2007-09-13 01:23 -------- d-----w- c:\program files\Java
2009-12-03 01:37 . 2009-11-28 20:56 152576 ----a-w- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-03 01:34 . 2009-11-28 09:29 79488 ----a-w- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-29 21:54 . 2009-10-01 08:14 -------- d-----w- c:\program files\Paltalk Messenger
2009-11-03 11:43 . 2009-11-03 11:43 -------- d-----w- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\ImgBurn
2009-11-03 04:07 . 2009-11-03 04:07 -------- d-----w- c:\program files\Daniusoft
2009-10-29 22:56 . 2009-10-29 22:56 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-10-29 22:56 . 2009-10-29 22:56 93360 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
2009-10-29 22:56 . 2009-10-29 22:56 554280 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\sbap.dll
2009-10-29 22:56 . 2009-10-02 05:48 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-10-29 22:56 . 2009-10-02 05:27 15880 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-10-29 22:56 . 2009-10-29 22:56 212480 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\VipreBridge.dll
2009-10-29 22:56 . 2009-10-29 22:56 283944 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Vipre.dll
2009-10-29 22:56 . 2009-10-29 22:56 1223976 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\SBTE.dll
2009-10-29 22:56 . 2009-10-29 22:56 242984 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\SBRE.dll
2009-10-29 22:55 . 2009-10-02 05:27 5908024 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-10-29 22:51 . 2009-10-29 22:51 -------- dc-h--w- c:\documents and settings\All Users.WINDOWS\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-28 23:39 . 2009-10-28 23:26 1649 ----a-w- c:\windows\system32\nodes.txt.tmp
2009-10-22 01:24 . 2009-10-22 01:24 10134 ----a-r- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\Microsoft\Installer\{BEF726DD-4037-4214-8C6A-E625C02D2870}\ARPPRODUCTICON.exe
2009-10-22 01:23 . 2008-01-08 00:59 -------- d-----w- c:\program files\Common Files\LogiShrd
2009-10-22 01:23 . 2009-10-22 01:23 10134 ----a-r- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\Microsoft\Installer\{35725FBC-A136-4A46-9F29-091759D9BB93}\ARPPRODUCTICON.exe
2009-10-22 01:23 . 2009-10-22 01:23 10134 ----a-r- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\Microsoft\Installer\{EA516024-D84D-41F1-814F-83175A6188F2}\ARPPRODUCTICON.exe
2009-10-06 11:58 . 2009-10-06 10:25 696352 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-10-06 11:58 . 2009-10-06 10:25 5408 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-10-04 05:08 . 2009-10-04 05:08 1962544 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2009-10-03 08:15 . 2009-10-29 22:51 2924848 -c--a-w- c:\documents and settings\All Users.WINDOWS\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-10-02 05:27 . 2009-10-02 05:27 17632 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\WSCUpdate.dll
2009-10-02 05:27 . 2009-10-02 05:27 68640 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Drivers\64\lbd.sys
2009-10-02 05:27 . 2009-10-02 05:26 525792 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Drivers\64\DIFxAPI.dll
2009-10-02 05:26 . 2009-10-02 05:26 303976 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Drivers\64\AAWDriverTool.exe
2009-10-02 05:26 . 2009-10-02 05:26 640760 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-09-23 12:55 . 2009-10-02 02:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2008-01-09 08:43 . 2008-01-09 08:41 2293848 -c--a-w- c:\program files\FLV PlayerFCSetup.exe
2008-01-09 08:41 . 2008-01-09 08:38 3928264 -c--a-w- c:\program files\FLV PlayerRCATSetup.exe
2008-01-09 08:22 . 2008-01-09 08:22 411248 -c--a-w- c:\program files\FLV PlayerRCSetup.exe
2007-10-06 07:14 . 2007-10-06 07:14 52 -c--a-w- c:\program files\Save Windows and Programs (No Data or Documents).BDF
2007-10-06 07:14 . 2007-10-06 07:14 52 -c--a-w- c:\program files\Save Data and Documents Only.BDF
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-19 01:49 . 2009-12-19 01:49 16384 c:\windows\Temp\Perflib_Perfdata_5d0.dat
+ 2009-07-06 02:37 . 2009-12-19 00:47 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-07-06 02:37 . 2009-12-18 23:30 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-04 39408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="realsched.exe -osboot" [X]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-04 8523776]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-09 98304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-03 149280]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
PalTalk.lnk - c:\program files\Paltalk Messenger\paltalk.exe [2009-9-26 11550720]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"nwiz"=nwiz.exe /install
"StxTrayMenu"="c:\program files\Seagate\SystemTray\StxMenuMgr.exe"
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Paltalk Messenger\\paltalk.exe"=
"c:\\Documents and Settings\\shaun.SHAUN-E0EAD128A\\Desktop\\Unused Desktop Shortcuts\\Call of Duty\\Call of Duty MP.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56468:TCP"= 56468:TCP:Pando Media Booster
"56468:UDP"= 56468:UDP:Pando Media Booster

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10/2/2009 1:55 PM 64288]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/3/2009 11:34 AM 108289]
R2 Seagate Sync Service;Seagate Sync Service;c:\program files\Seagate\Sync\SeaSyncServices.exe [1/18/2007 3:20 PM 24120]
R3 wsvad_driver;WS Audio Device;c:\windows\system32\drivers\VirtualAudio.sys [11/3/2009 3:07 PM 16896]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 10:17 PM 1184912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-12-19 12:49
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2860)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-12-19 12:56:26 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-19 01:56
ComboFix2.txt 2009-12-19 00:49

Pre-Run: 37,675,393,024 bytes free
Post-Run: 37,640,593,408 bytes free

- - End Of File - - 8736FA11CAA5CD303A0392C885B7D7C5


Re: Security tool+No net access

Post by Belahzur on 19th December 2009, 2:06 am

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

How is the machine running now?



Re: Security tool+No net access

Post by humpee on 19th December 2009, 2:11 am

Faster, thanks. ComboFix stated that AVG was still lurking though.


Re: Security tool+No net access

Post by humpee on 19th December 2009, 2:17 am

ComboFix uninstalled, but it messaged that AVG was still there.


Re: Security tool+No net access

Post by Belahzur on 19th December 2009, 3:44 pm

Did you run the AVG uninstaller?



Re: Security tool+No net access

Post by humpee on 20th December 2009, 5:02 am

Yep, twice.


Re: Security tool+No net access

Post by Belahzur on 20th December 2009, 2:34 pm

Please re-download Combofix.


  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    SecCenter::
    {17DDD097-36FF-435F-9E1B-52D74245D6BF}
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.



Re: Security tool+No net access

Post by humpee on 20th December 2009, 11:38 pm

done as directed.

ComboFix 09-12-18.03 - shaun 12/21/2009 10:26:12.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.133 [GMT 11:00]
Running from: c:\processexplorer\KittyFix.exe
Command switches used :: c:\processexplorer\CFScript.lnk
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Files Created from 2009-11-20 to 2009-12-20 )))))))))))))))))))))))))))))))
.

2009-12-18 23:14 . 2009-12-18 23:14 -------- d-----w- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\Malwarebytes
2009-12-18 23:14 . 2009-12-03 05:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-18 23:14 . 2009-12-03 05:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-18 23:07 . 2009-12-18 23:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-18 23:07 . 2009-12-18 23:07 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-12-18 22:10 . 2009-12-18 22:10 388096 ----a-r- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2009-12-18 22:10 . 2009-12-18 22:10 -------- d-----w- c:\program files\TrendMicro
2009-12-16 21:41 . 2009-12-16 21:41 -------- d-----w- C:\VJVod_Cache
2009-12-16 21:41 . 2009-12-16 21:41 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Application Data\nagasoft
2009-12-16 09:53 . 2009-12-16 09:53 -------- d-----w- C:\New Folder
2009-12-16 09:51 . 2009-12-20 23:26 -------- d-----w- C:\ProcessExplorer
2009-12-16 02:57 . 2009-12-16 02:57 -------- d-----w- c:\windows\system32\Nagasoft
2009-12-03 00:34 . 2009-12-09 06:01 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-03 00:34 . 2009-03-29 22:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-12-03 00:34 . 2009-02-13 00:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-12-03 00:34 . 2009-02-13 00:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-12-03 00:34 . 2009-12-03 00:34 -------- d-----w- c:\program files\Avira
2009-12-03 00:34 . 2009-12-03 00:34 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Avira
2009-11-29 04:32 . 2009-11-29 04:32 -------- d-----w- c:\windows\system32\wbem\Repository
2009-11-29 04:31 . 2009-11-29 04:31 -------- d-----w- C:\$AVG8.VAULT$
2009-11-29 04:30 . 2009-11-29 04:30 -------- d-----w- c:\windows\SxsCaPendDel
2009-11-28 20:56 . 2009-12-03 01:37 152576 ----a-w- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-28 09:29 . 2009-12-03 01:34 79488 ----a-w- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-17 06:55 . 2009-10-22 09:36 -------- d-----w- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\LimeWire
2009-12-16 07:57 . 2009-10-02 05:27 862040 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-12-16 07:57 . 2009-10-02 05:27 206944 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-12-16 07:57 . 2009-10-02 05:27 390288 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-12-16 07:57 . 2009-10-29 22:56 537576 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll
2009-12-16 07:57 . 2009-10-02 05:27 370744 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-12-16 07:57 . 2009-10-02 05:27 163728 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-12-16 07:57 . 2009-10-02 05:27 194104 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2009-12-16 07:57 . 2009-10-02 05:27 327000 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-12-16 07:56 . 2009-10-02 05:27 87496 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-12-16 07:56 . 2009-10-02 05:26 933120 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-12-16 07:56 . 2009-10-02 05:26 641632 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2009-12-16 07:56 . 2009-10-02 05:26 816272 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-12-16 07:56 . 2009-10-02 05:26 822904 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-12-16 07:56 . 2009-10-02 05:26 1638640 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-12-16 07:56 . 2009-10-02 05:26 788880 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-12-16 07:56 . 2009-10-02 05:26 1184912 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-12-03 01:37 . 2009-10-22 09:33 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-03 01:37 . 2007-09-13 01:23 -------- d-----w- c:\program files\Java
2009-11-29 21:54 . 2009-10-01 08:14 -------- d-----w- c:\program files\Paltalk Messenger
2009-11-03 11:43 . 2009-11-03 11:43 -------- d-----w- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\ImgBurn
2009-11-03 04:07 . 2009-11-03 04:07 -------- d-----w- c:\program files\Daniusoft
2009-10-29 22:56 . 2009-10-29 22:56 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-10-29 22:56 . 2009-10-29 22:56 93360 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
2009-10-29 22:56 . 2009-10-29 22:56 554280 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\sbap.dll
2009-10-29 22:56 . 2009-10-02 05:48 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-10-29 22:56 . 2009-10-02 05:27 15880 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-10-29 22:56 . 2009-10-29 22:56 212480 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\VipreBridge.dll
2009-10-29 22:56 . 2009-10-29 22:56 283944 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Vipre.dll
2009-10-29 22:56 . 2009-10-29 22:56 1223976 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\SBTE.dll
2009-10-29 22:56 . 2009-10-29 22:56 242984 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\SBRE.dll
2009-10-29 22:55 . 2009-10-02 05:27 5908024 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-10-29 22:51 . 2009-10-29 22:51 -------- dc-h--w- c:\documents and settings\All Users.WINDOWS\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-28 23:39 . 2009-10-28 23:26 1649 ----a-w- c:\windows\system32\nodes.txt.tmp
2009-10-22 01:24 . 2009-10-22 01:24 10134 ----a-r- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\Microsoft\Installer\{BEF726DD-4037-4214-8C6A-E625C02D2870}\ARPPRODUCTICON.exe
2009-10-22 01:23 . 2008-01-08 00:59 -------- d-----w- c:\program files\Common Files\LogiShrd
2009-10-22 01:23 . 2009-10-22 01:23 10134 ----a-r- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\Microsoft\Installer\{35725FBC-A136-4A46-9F29-091759D9BB93}\ARPPRODUCTICON.exe
2009-10-22 01:23 . 2009-10-22 01:23 10134 ----a-r- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\Microsoft\Installer\{EA516024-D84D-41F1-814F-83175A6188F2}\ARPPRODUCTICON.exe
2009-10-06 11:58 . 2009-10-06 10:25 696352 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-10-06 11:58 . 2009-10-06 10:25 5408 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-10-04 05:08 . 2009-10-04 05:08 1962544 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2009-10-03 08:15 . 2009-10-29 22:51 2924848 -c--a-w- c:\documents and settings\All Users.WINDOWS\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-10-02 05:27 . 2009-10-02 05:27 17632 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\WSCUpdate.dll
2009-10-02 05:27 . 2009-10-02 05:27 68640 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Drivers\64\lbd.sys
2009-10-02 05:27 . 2009-10-02 05:26 525792 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Drivers\64\DIFxAPI.dll
2009-10-02 05:26 . 2009-10-02 05:26 303976 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Drivers\64\AAWDriverTool.exe
2009-10-02 05:26 . 2009-10-02 05:26 640760 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-09-23 12:55 . 2009-10-02 02:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2008-01-09 08:43 . 2008-01-09 08:41 2293848 -c--a-w- c:\program files\FLV PlayerFCSetup.exe
2008-01-09 08:41 . 2008-01-09 08:38 3928264 -c--a-w- c:\program files\FLV PlayerRCATSetup.exe
2008-01-09 08:22 . 2008-01-09 08:22 411248 -c--a-w- c:\program files\FLV PlayerRCSetup.exe
2007-10-06 07:14 . 2007-10-06 07:14 52 -c--a-w- c:\program files\Save Windows and Programs (No Data or Documents).BDF
2007-10-06 07:14 . 2007-10-06 07:14 52 -c--a-w- c:\program files\Save Data and Documents Only.BDF
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-04 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="realsched.exe -osboot" [X]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-04 8523776]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-09 98304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-03 149280]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
PalTalk.lnk - c:\program files\Paltalk Messenger\paltalk.exe [2009-9-26 11550720]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"nwiz"=nwiz.exe /install
"StxTrayMenu"="c:\program files\Seagate\SystemTray\StxMenuMgr.exe"
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Paltalk Messenger\\paltalk.exe"=
"c:\\Documents and Settings\\shaun.SHAUN-E0EAD128A\\Desktop\\Unused Desktop Shortcuts\\Call of Duty\\Call of Duty MP.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56468:TCP"= 56468:TCP:Pando Media Booster
"56468:UDP"= 56468:UDP:Pando Media Booster

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10/2/2009 1:55 PM 64288]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/3/2009 11:34 AM 108289]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 10:17 PM 1184912]
R2 Seagate Sync Service;Seagate Sync Service;c:\program files\Seagate\Sync\SeaSyncServices.exe [1/18/2007 3:20 PM 24120]
R3 wsvad_driver;WS Audio Device;c:\windows\system32\drivers\VirtualAudio.sys [11/3/2009 3:07 PM 16896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3240)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2009-12-21 10:34:54
ComboFix-quarantined-files.txt 2009-12-20 23:34
ComboFix2.txt 2009-12-19 01:56

Pre-Run: 39,259,381,760 bytes free
Post-Run: 39,228,141,568 bytes free

- - End Of File - - 4534F87C5CBB17143CDAC170E554CACF


Re: Security tool+No net access

Post by Belahzur on 21st December 2009, 12:05 am

Hello.
That didn't work because you didn't save the file right.

c:\processexplorer\CFScript.lnk

You need to save it as a text file (.txt)


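What the SecCenter:: line in the CFScript post above actually targets, and how to check both the script file and the result yourself, as an added example that is not part of the original thread and not ComboFix's own code. ComboFix's "AV:" header lines are read from the Windows Security Center WMI repository: on XP that is the AntiVirusProduct class in root\SecurityCenter, and the GUID in braces is its instanceGuid. AVG had been uninstalled twice yet kept appearing as "On-access scanning enabled", i.e. the registration outlived the product; the SecCenter:: directive removes the entry with that GUID. The 10:26 log shows a shortcut (CFScript.lnk) being handed to ComboFix instead of the .txt, which is why the AVG line survived that run. The script below is read-only: it first reports what is actually saved beside ComboFix, then lists every registered AV product and flags the one matching the GUID, plus any whose vendor no longer appears in Add/Remove Programs. Assumptions: PowerShell is installed on the XP machine (it is an optional download for XP), the script folder is C:\ProcessExplorer as in the logs, and matching the first word of the display name against uninstall entries is a heuristic of this example, not a Security Center rule.

```powershell
# Added example, not from the thread and not ComboFix's own code.
# Read-only: nothing here deletes or modifies anything.

# --- 1. What was actually saved next to ComboFix? ---------------------------
# Assumption: C:\ProcessExplorer is where KittyFix.exe (renamed ComboFix)
# lives, as in the logs above. ComboFix applies a plain-text CFScript.txt;
# a .lnk is a shortcut, which is what the 10:26 log shows being passed.
$scriptDir = 'C:\ProcessExplorer'
Get-ChildItem -Path (Join-Path $scriptDir 'CFScript*') -ErrorAction SilentlyContinue |
  ForEach-Object {
    $file = $_
    switch ($file.Extension.ToLower()) {
      '.txt'  { $verdict = 'ok: plain text, drag this one onto ComboFix' }
      '.lnk'  { $verdict = 'shortcut, not the script: drag the .txt itself' }
      default { $verdict = 'unexpected extension (was "All Files" selected in Notepad?)' }
    }
    '{0,-18} {1,6} bytes  {2}' -f $file.Name, $file.Length, $verdict
  }

# --- 2. What does Security Center think is installed? -----------------------
# The GUID the CFScript removes (taken from the post above).
$targetGuid = '{17DDD097-36FF-435F-9E1B-52D74245D6BF}'

# XP keeps AV registrations in root\SecurityCenter; Vista and later use
# root\SecurityCenter2, where the same class exposes a packed productState
# instead of the onAccessScanningEnabled / productUptoDate booleans.
$namespaces = 'root\SecurityCenter', 'root\SecurityCenter2'

# Display names that Add/Remove Programs actually knows about. The Wow6432Node
# key only exists on 64-bit Windows; -ErrorAction hides the miss on XP x86.
$uninstallKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
                 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
$installed = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
  Where-Object { $_.DisplayName } |
  ForEach-Object { $_.DisplayName }

foreach ($ns in $namespaces) {
  $products = Get-WmiObject -Namespace $ns -Class AntiVirusProduct -ErrorAction SilentlyContinue
  if (-not $products) { continue }   # namespace absent on this Windows version
  foreach ($p in $products) {
    # Heuristic (assumption, not a Security Center rule): the first word of the
    # WMI display name ("AVG", "AntiVir") should appear in some uninstall entry.
    $vendor  = ($p.displayName -split ' ')[0]
    $present = @($installed | Where-Object { $_ -like "*$vendor*" }).Count -gt 0
    if ($p.instanceGuid -eq $targetGuid) {
      $verdict = 'TARGET of SecCenter:: (should be gone after the fix)'
    }
    elseif (-not $present) {
      $verdict = 'registered, but nothing matching in Add/Remove Programs: stale'
    }
    else {
      $verdict = 'ok'
    }
    '{0,-20} {1,-24} {2,-40} {3}' -f $ns, $p.displayName, $p.instanceGuid, $verdict
  }
}
```

Run it from an administrator PowerShell prompt before and after the CFScript step. On the machine in this thread, the first run should list both AntiVir and the flagged AVG entry; after a successful SecCenter:: run only AntiVir should remain, which is exactly the change between the 10:26 and 12:22 logs. The vendor-keyword check is there so that a leftover registration is still caught when you do not already know its GUID.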

Re: Security tool+No net access

Post by humpee on 21st December 2009, 12:54 am

Saved as text... ComboFix goes into reduced functionality mode and vanishes...


Re: Security tool+No net access

Post by Belahzur on 21st December 2009, 12:57 am

Delete the copy you have and download it again, then it works.



Re: Security tool+No net access

Post by humpee on 21st December 2009, 1:34 am

ComboFix 09-12-20.03 - shaun 12/21/2009 12:22:20.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.153 [GMT 11:00]
Running from: c:\processexplorer\KittyFix.exe
Command switches used :: c:\processexplorer\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((( Files Created from 2009-11-21 to 2009-12-21 )))))))))))))))))))))))))))))))
.

2009-12-18 23:14 . 2009-12-18 23:14 -------- d-----w- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\Malwarebytes
2009-12-18 23:14 . 2009-12-03 05:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-18 23:14 . 2009-12-03 05:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-18 23:07 . 2009-12-18 23:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-18 23:07 . 2009-12-18 23:07 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-12-18 22:10 . 2009-12-18 22:10 388096 ----a-r- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2009-12-18 22:10 . 2009-12-18 22:10 -------- d-----w- c:\program files\TrendMicro
2009-12-16 21:41 . 2009-12-16 21:41 -------- d-----w- C:\VJVod_Cache
2009-12-16 21:41 . 2009-12-16 21:41 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Application Data\nagasoft
2009-12-16 09:53 . 2009-12-16 09:53 -------- d-----w- C:\New Folder
2009-12-16 09:51 . 2009-12-21 01:22 -------- d-----w- C:\ProcessExplorer
2009-12-16 02:57 . 2009-12-16 02:57 -------- d-----w- c:\windows\system32\Nagasoft
2009-12-03 00:34 . 2009-12-09 06:01 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-03 00:34 . 2009-03-29 22:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-12-03 00:34 . 2009-02-13 00:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-12-03 00:34 . 2009-02-13 00:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-12-03 00:34 . 2009-12-03 00:34 -------- d-----w- c:\program files\Avira
2009-12-03 00:34 . 2009-12-03 00:34 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Avira
2009-11-29 04:32 . 2009-11-29 04:32 -------- d-----w- c:\windows\system32\wbem\Repository
2009-11-29 04:31 . 2009-11-29 04:31 -------- d-----w- C:\$AVG8.VAULT$
2009-11-29 04:30 . 2009-11-29 04:30 -------- d-----w- c:\windows\SxsCaPendDel
2009-11-28 20:56 . 2009-12-03 01:37 152576 ----a-w- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-28 09:29 . 2009-12-03 01:34 79488 ----a-w- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-17 06:55 . 2009-10-22 09:36 -------- d-----w- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\LimeWire
2009-12-16 07:57 . 2009-10-02 05:27 862040 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-12-16 07:57 . 2009-10-02 05:27 206944 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-12-16 07:57 . 2009-10-02 05:27 390288 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-12-16 07:57 . 2009-10-29 22:56 537576 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll
2009-12-16 07:57 . 2009-10-02 05:27 370744 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-12-16 07:57 . 2009-10-02 05:27 163728 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-12-16 07:57 . 2009-10-02 05:27 194104 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2009-12-16 07:57 . 2009-10-02 05:27 327000 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-12-16 07:56 . 2009-10-02 05:27 87496 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-12-16 07:56 . 2009-10-02 05:26 933120 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-12-16 07:56 . 2009-10-02 05:26 641632 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2009-12-16 07:56 . 2009-10-02 05:26 816272 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-12-16 07:56 . 2009-10-02 05:26 822904 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-12-16 07:56 . 2009-10-02 05:26 1638640 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-12-16 07:56 . 2009-10-02 05:26 788880 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-12-16 07:56 . 2009-10-02 05:26 1184912 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-12-03 01:37 . 2009-10-22 09:33 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-03 01:37 . 2007-09-13 01:23 -------- d-----w- c:\program files\Java
2009-11-29 21:54 . 2009-10-01 08:14 -------- d-----w- c:\program files\Paltalk Messenger
2009-11-03 11:43 . 2009-11-03 11:43 -------- d-----w- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\ImgBurn
2009-11-03 04:07 . 2009-11-03 04:07 -------- d-----w- c:\program files\Daniusoft
2009-10-29 22:56 . 2009-10-29 22:56 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-10-29 22:56 . 2009-10-29 22:56 93360 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
2009-10-29 22:56 . 2009-10-29 22:56 554280 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\sbap.dll
2009-10-29 22:56 . 2009-10-02 05:48 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-10-29 22:56 . 2009-10-02 05:27 15880 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-10-29 22:56 . 2009-10-29 22:56 212480 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\VipreBridge.dll
2009-10-29 22:56 . 2009-10-29 22:56 283944 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Vipre.dll
2009-10-29 22:56 . 2009-10-29 22:56 1223976 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\SBTE.dll
2009-10-29 22:56 . 2009-10-29 22:56 242984 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\SBRE.dll
2009-10-29 22:55 . 2009-10-02 05:27 5908024 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-10-29 22:51 . 2009-10-29 22:51 -------- dc-h--w- c:\documents and settings\All Users.WINDOWS\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-28 23:39 . 2009-10-28 23:26 1649 ----a-w- c:\windows\system32\nodes.txt.tmp
2009-10-22 01:24 . 2009-10-22 01:24 10134 ----a-r- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\Microsoft\Installer\{BEF726DD-4037-4214-8C6A-E625C02D2870}\ARPPRODUCTICON.exe
2009-10-22 01:23 . 2009-10-22 01:23 10134 ----a-r- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\Microsoft\Installer\{35725FBC-A136-4A46-9F29-091759D9BB93}\ARPPRODUCTICON.exe
2009-10-22 01:23 . 2009-10-22 01:23 10134 ----a-r- c:\documents and settings\shaun.SHAUN-E0EAD128A\Application Data\Microsoft\Installer\{EA516024-D84D-41F1-814F-83175A6188F2}\ARPPRODUCTICON.exe
2009-10-06 11:58 . 2009-10-06 10:25 696352 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-10-06 11:58 . 2009-10-06 10:25 5408 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-10-04 05:08 . 2009-10-04 05:08 1962544 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2009-10-03 08:15 . 2009-10-29 22:51 2924848 -c--a-w- c:\documents and settings\All Users.WINDOWS\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-10-02 05:27 . 2009-10-02 05:27 17632 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\WSCUpdate.dll
2009-10-02 05:27 . 2009-10-02 05:27 68640 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Drivers\64\lbd.sys
2009-10-02 05:27 . 2009-10-02 05:26 525792 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Drivers\64\DIFxAPI.dll
2009-10-02 05:26 . 2009-10-02 05:26 303976 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Drivers\64\AAWDriverTool.exe
2009-10-02 05:26 . 2009-10-02 05:26 640760 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-09-23 12:55 . 2009-10-02 02:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2008-01-09 08:43 . 2008-01-09 08:41 2293848 -c--a-w- c:\program files\FLV PlayerFCSetup.exe
2008-01-09 08:41 . 2008-01-09 08:38 3928264 -c--a-w- c:\program files\FLV PlayerRCATSetup.exe
2008-01-09 08:22 . 2008-01-09 08:22 411248 -c--a-w- c:\program files\FLV PlayerRCSetup.exe
2007-10-06 07:14 . 2007-10-06 07:14 52 -c--a-w- c:\program files\Save Windows and Programs (No Data or Documents).BDF
2007-10-06 07:14 . 2007-10-06 07:14 52 -c--a-w- c:\program files\Save Data and Documents Only.BDF
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-04 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="realsched.exe -osboot" [X]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-04 8523776]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-09 98304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-03 149280]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
PalTalk.lnk - c:\program files\Paltalk Messenger\paltalk.exe [2009-9-26 11550720]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"nwiz"=nwiz.exe /install
"StxTrayMenu"="c:\program files\Seagate\SystemTray\StxMenuMgr.exe"
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Paltalk Messenger\\paltalk.exe"=
"c:\\Documents and Settings\\shaun.SHAUN-E0EAD128A\\Desktop\\Unused Desktop Shortcuts\\Call of Duty\\Call of Duty MP.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56468:TCP"= 56468:TCP:Pando Media Booster
"56468:UDP"= 56468:UDP:Pando Media Booster

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10/2/2009 1:55 PM 64288]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/3/2009 11:34 AM 108289]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 10:17 PM 1184912]
R2 Seagate Sync Service;Seagate Sync Service;c:\program files\Seagate\Sync\SeaSyncServices.exe [1/18/2007 3:20 PM 24120]
R3 wsvad_driver;WS Audio Device;c:\windows\system32\drivers\VirtualAudio.sys [11/3/2009 3:07 PM 16896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-12-21 12:28
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2808)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2009-12-21 12:30:53
ComboFix-quarantined-files.txt 2009-12-21 01:30

Pre-Run: 39,225,159,680 bytes free
Post-Run: 39,213,617,152 bytes free

- - End Of File - - 5AE89D108E68757DABFC0C2D906FEDDE


Re: Security tool+No net access

Post by Belahzur on 21st December 2009, 7:02 pm

There, no more AVG.


Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

How is the machine running now?





Re: Security tool+No net access

Post by humpee on 21st December 2009, 10:35 pm

Thanks Belahzur... no one could ever accuse you of giving up easily. You have done me a huge service, which would otherwise have meant a trip to the computer shop... and a lot of cost, probably. The machine seems to be running quite well now... for an antique. Thanks again. Thank you!
