Infected Computer - ComboFix Scan Results


Post by dizzywhizz on Mon Jun 28, 2010 8:10 am

The only problem I seemed to be having was my Google being redirected. This all started with the AV Security though, and I'm worried there is more. After running Combo it appears that my Google is working again, but I just tried a few random searches. Here is my Combo Log... Any suggestions appreciated. (I can also provide an OTL or an HJT.)
_______________________________________________________________________

ComboFix 10-06-27.03 - Eric 06/28/2010 3:43.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1567 [GMT -4]
Running from: c:\documents and settings\Eric\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\VisualTool
c:\program files\VisualTool\pcre3.dll
c:\program files\VisualTool\uninstall.exe
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system\VCL35.BPL
c:\windows\system32\hljwugsf.bin

Infected copy of c:\windows\system32\drivers\tcpip.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-05-28 to 2010-06-28 )))))))))))))))))))))))))))))))
.

2010-06-28 06:44 . 2010-06-28 06:44 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-06-28 05:55 . 2010-06-28 05:55 -------- d-----w- c:\windows\system32\wbem\Repository
2010-06-28 04:04 . 2010-06-28 05:53 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-06-28 03:27 . 2010-06-28 03:27 -------- d-----w- c:\program files\Trend Micro
2010-06-25 08:49 . 2010-06-25 08:54 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-06-20 09:14 . 2010-06-20 09:14 -------- d-----w- c:\documents and settings\Ciera\Application Data\IObit
2010-06-20 09:04 . 2010-06-21 19:55 -------- d-----w- c:\documents and settings\Eric\Local Settings\Application Data\scsfmkdxh
2010-06-10 21:22 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-28 07:13 . 2007-07-04 01:18 -------- d-----w- c:\documents and settings\Eric\Application Data\OpenOffice.org2
2010-06-28 06:44 . 2008-10-16 22:14 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-28 06:42 . 2010-03-09 00:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-28 06:35 . 2009-03-25 03:44 29 -c--a-w- c:\windows\popcinfo.dat
2010-06-28 05:58 . 2007-03-07 02:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-06-28 05:53 . 2007-06-08 00:02 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-28 04:09 . 2010-03-19 01:14 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-06-28 03:55 . 2006-10-02 08:55 -------- d-----w- c:\program files\Java
2010-06-20 18:40 . 2009-03-25 01:01 -------- d-----w- c:\documents and settings\Jordan\Application Data\OpenOffice.org2
2010-06-20 09:24 . 2009-03-07 02:32 -------- d-----w- c:\documents and settings\Jordan\Application Data\LimeWire
2010-06-20 09:13 . 2009-05-24 23:03 -------- d-----w- c:\documents and settings\Ciera\Application Data\OpenOffice.org2
2010-06-11 17:11 . 2009-11-06 00:41 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-02 13:06 . 2008-06-19 02:48 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-02 13:06 . 2007-07-01 23:01 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-28 20:22 . 2010-05-28 20:22 503808 ----a-w- c:\documents and settings\Eric\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-48905b33-n\msvcp71.dll
2010-05-28 20:22 . 2010-05-28 20:22 499712 ----a-w- c:\documents and settings\Eric\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-48905b33-n\jmc.dll
2010-05-28 20:22 . 2010-05-28 20:22 348160 ----a-w- c:\documents and settings\Eric\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-48905b33-n\msvcr71.dll
2010-05-28 20:22 . 2010-05-28 20:22 61440 ----a-w- c:\documents and settings\Eric\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-65d10512-n\decora-sse.dll
2010-05-28 20:22 . 2010-05-28 20:22 12800 ----a-w- c:\documents and settings\Eric\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-65d10512-n\decora-d3d.dll
2010-05-25 01:59 . 2010-05-25 01:59 503808 ----a-w- c:\documents and settings\Ciera\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-396d1602-n\msvcp71.dll
2010-05-25 01:59 . 2010-05-25 01:59 499712 ----a-w- c:\documents and settings\Ciera\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-396d1602-n\jmc.dll
2010-05-25 01:59 . 2010-05-25 01:59 348160 ----a-w- c:\documents and settings\Ciera\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-396d1602-n\msvcr71.dll
2010-05-25 01:59 . 2010-05-25 01:59 61440 ----a-w- c:\documents and settings\Ciera\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2c812b22-n\decora-sse.dll
2010-05-25 01:59 . 2010-05-25 01:59 12800 ----a-w- c:\documents and settings\Ciera\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2c812b22-n\decora-d3d.dll
2010-05-20 05:01 . 2010-05-20 05:01 -------- d-----w- c:\program files\Common Files\Oberon Media
2010-05-20 05:01 . 2008-10-16 22:14 -------- d-----w- c:\program files\Oberon Media
2010-05-20 05:01 . 2008-10-16 22:14 -------- d-----w- c:\program files\MSN Games
2010-05-19 22:47 . 2010-05-19 22:46 -------- d-----w- c:\program files\iTunes
2010-05-19 22:46 . 2006-03-24 23:28 -------- d-----w- c:\program files\iPod
2010-05-19 22:46 . 2008-11-24 23:42 -------- d-----w- c:\program files\Common Files\Apple
2010-05-19 22:42 . 2010-05-19 22:42 -------- d-----w- c:\program files\Bonjour
2010-05-19 22:32 . 2010-05-19 22:32 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-05-19 22:07 . 2007-01-30 22:52 -------- d-----w- c:\program files\LimeWire
2010-05-06 23:39 . 2007-12-19 02:49 -------- d-----w- c:\program files\CCleaner
2010-05-06 10:41 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2004-08-04 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 19:39 . 2010-03-09 00:37 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2010-03-09 00:37 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-25 21:26 . 2007-05-20 20:42 15080 -c--a-w- c:\documents and settings\Ciera\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-25 21:21 . 2010-04-25 21:21 503808 ----a-w- c:\documents and settings\Ciera\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2adc8935-n\msvcp71.dll
2010-04-25 21:21 . 2010-04-25 21:21 499712 ----a-w- c:\documents and settings\Ciera\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2adc8935-n\jmc.dll
2010-04-25 21:21 . 2010-04-25 21:21 348160 ----a-w- c:\documents and settings\Ciera\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2adc8935-n\msvcr71.dll
2010-04-25 21:20 . 2010-04-25 21:20 12800 ----a-w- c:\documents and settings\Ciera\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-3a31f2e1-n\decora-d3d.dll
2010-04-25 21:20 . 2010-04-25 21:20 61440 ----a-w- c:\documents and settings\Ciera\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-3a31f2e1-n\decora-sse.dll
2010-04-22 02:02 . 2010-04-22 02:02 503808 ----a-w- c:\documents and settings\Jordan\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-776f0010-n\msvcp71.dll
2010-04-22 02:02 . 2010-04-22 02:02 499712 ----a-w- c:\documents and settings\Jordan\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-776f0010-n\jmc.dll
2010-04-22 02:02 . 2010-04-22 02:02 348160 ----a-w- c:\documents and settings\Jordan\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-776f0010-n\msvcr71.dll
2010-04-22 02:02 . 2010-04-22 02:02 61440 ----a-w- c:\documents and settings\Jordan\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-7b0f9f3b-n\decora-sse.dll
2010-04-22 02:02 . 2010-04-22 02:02 12800 ----a-w- c:\documents and settings\Jordan\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-7b0f9f3b-n\decora-d3d.dll
2010-04-20 05:30 . 2004-08-04 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-09 00:30 . 2010-04-09 00:30 503808 ----a-w- c:\documents and settings\Eric\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-291808b9-n\msvcp71.dll
2010-04-09 00:30 . 2010-04-09 00:30 499712 ----a-w- c:\documents and settings\Eric\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-291808b9-n\jmc.dll
2010-04-09 00:30 . 2010-04-09 00:30 348160 ----a-w- c:\documents and settings\Eric\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-291808b9-n\msvcr71.dll
2010-04-09 00:30 . 2010-04-09 00:30 61440 ----a-w- c:\documents and settings\Eric\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5250cc39-n\decora-sse.dll
2010-04-09 00:30 . 2010-04-09 00:30 12800 ----a-w- c:\documents and settings\Eric\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5250cc39-n\decora-d3d.dll
2010-04-09 00:29 . 2008-12-11 23:45 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-08 17:20 . 2010-04-08 17:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 17:20 . 2010-04-08 17:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-05 22:37 . 2009-03-24 17:48 15080 ----a-w- c:\documents and settings\Jordan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-04-19 14:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2006-03-31 36864]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-05-26 2346192]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 77824]
"ASUS Probe"="c:\program files\ASUS\Asus Probe\AsusProb.exe" [2002-12-06 617984]
"Launch Ai Booster"="c:\program files\ASUS\Ai Booster\OverClk.exe" [2005-06-16 3627520]
"D-Link AirPlus XtremeG"="c:\program files\D-Link\AirPlus XtremeG\AirPlusCFG.exe" [2004-09-22 987136]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-08-16 45056]
"WinFoxV2"="c:\windows\system32\WF2K.EXE" [2006-03-17 1486848]
"WinFast2KLoadDefault"="wf2kcpl.dll" [2006-03-17 668672]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-09 7561216]
"nwiz"="nwiz.exe" [2006-03-09 1519616]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-12-10 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 241664]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-03-09 86016]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 24576]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Jet Detection"="c:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 28672]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-02 2065248]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2007-05-15 293168]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SWHelper"="c:\windows\system32\Macromed\Shockwave 10\PostUpdate.exe" [2010-06-20 53248]

c:\documents and settings\Ciera\Start Menu\Programs\Startup\
OpenOffice.org 2.2.lnk - c:\program files\OpenOffice.org 2.2\program\quickstart.exe [2007-2-2 393216]

c:\documents and settings\Jordan\Start Menu\Programs\Startup\
OpenOffice.org 2.2.lnk - c:\program files\OpenOffice.org 2.2\program\quickstart.exe [2007-2-2 393216]

c:\documents and settings\Eric\Start Menu\Programs\Startup\
OpenOffice.org 2.2.lnk - c:\program files\OpenOffice.org 2.2\program\quickstart.exe [2007-2-2 393216]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
ActivClient Agent.lnk - c:\program files\ActivIdentity\ActivClient\acsagent.exe [2007-5-15 130864]
HotSync Manager.lnk - c:\program files\Palm\Hotsync.exe [2008-1-3 1392640]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-9-16 237568]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-3-30 196608]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2006-3-21 434176]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]
2007-05-15 21:08 112640 ----a-w- c:\windows\system32\ackpbsc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]
2007-05-15 21:08 281088 ----a-w- c:\program files\ActivIdentity\ActivClient\acunlock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-13 14:06 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprecovr \SystemRoot\sprecovr.txt

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\WinFox\\Living\\wfupdate.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Java\\jre1.5.0_05\\bin\\javaw.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/18/2008 10:48 PM 216200]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/18/2008 10:48 PM 242896]
R2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [5/15/2007 5:08 PM 182576]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [3/13/2010 10:05 AM 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/13/2010 10:06 AM 308064]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [9/2/2004 10:01 PM 396480]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/6/2009 4:32 PM 133104]
.
Contents of the 'Scheduled Tasks' folder

2010-06-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-06-28 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 15:20]

2010-06-28 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-31 04:31]

2010-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-06 20:32]

2010-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-06 20:32]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {A91DEB0D-AD0D-453E-9AC8-60178EC24212} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Eric\Application Data\Mozilla\Firefox\Profiles\803g8fgz.default\
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\Eric\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\progra~1\Palm\PACKAG~1\NPInstal.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: general.useragent.extra.zencast -
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
AddRemove-VisualTool - c:\program files\VisualTool\uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-06-28 03:53
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(800)
c:\windows\system32\ackpbsc.dll
c:\windows\system32\aclog.dll
c:\windows\system32\ACLIBEAY.dll
c:\windows\system32\acevtsub.dll
c:\windows\system32\asphat32.dll
c:\windows\system32\acerrmes.dll
c:\windows\system32\aspcom.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\acerrmrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\asphatrc.dll
c:\program files\ActivIdentity\ActivClient\acunlock.dll
c:\windows\system32\aipingui.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\aipinguirc.dll
c:\program files\ActivIdentity\ActivClient\resources\acCobAPIrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\acunlockrc.dll
.
Completion time: 2010-06-28 03:55:48
ComboFix-quarantined-files.txt 2010-06-28 07:55

Pre-Run: 58,931,056,640 bytes free
Post-Run: 61,700,784,128 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - DB94D13143C3D90906EEC3BDC3E9F9AE




Re: Infected Computer - ComboFix Scan Results

Post by Belahzur on Mon Jun 28, 2010 7:38 pm

Hello.

  1. Close any open browsers.
  2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open Notepad and copy/paste the text in the quote box below into it:
    Code:

    Folder::
    c:\documents and settings\Eric\Local Settings\Application Data\scsfmkdxh
  4. Save this as CFScript.txt, in the same location as ComboFix.exe.
  5. Referring to the picture above, drag CFScript into ComboFix.exe.
  6. When finished, it shall produce a log for you at C:\ComboFix.txt.
  7. Please post the contents of the log in your next reply.





Re: Infected Computer - ComboFix Scan Results

Post by dizzywhizz on Mon Jun 28, 2010 8:07 pm

OK... Here is my newest scan.


ComboFix 10-06-27.03 - Eric May 06/28/2010 15:52:18.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1411 [GMT -4:00]
Running from: c:\documents and settings\Eric May\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Eric\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Files Created from 2010-05-28 to 2010-06-28 )))))))))))))))))))))))))))))))
.

2010-06-28 06:44 . 2010-06-28 06:44 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-06-28 05:55 . 2010-06-28 05:55 -------- d-----w- c:\windows\system32\wbem\Repository
2010-06-28 04:04 . 2010-06-28 05:53 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-06-28 03:27 . 2010-06-28 03:27 -------- d-----w- c:\program files\Trend Micro
2010-06-25 08:49 . 2010-06-25 08:54 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-06-20 09:14 . 2010-06-20 09:14 -------- d-----w- c:\documents and settings\Ciera May\Application Data\IObit
2010-06-20 09:04 . 2010-06-21 19:55 -------- d-----w- c:\documents and settings\Eric\Local Settings\Application Data\scsfmkdxh
2010-06-10 21:22 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-28 19:41 . 2008-10-16 22:14 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-28 19:40 . 2009-03-25 03:44 29 -c--a-w- c:\windows\popcinfo.dat
2010-06-28 07:13 . 2007-07-04 01:18 -------- d-----w- c:\documents and settings\Eric\Application Data\OpenOffice.org2
2010-06-28 06:42 . 2010-03-09 00:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-28 05:58 . 2007-03-07 02:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-06-28 05:53 . 2007-06-08 00:02 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-28 04:09 . 2010-03-19 01:14 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-06-28 03:55 . 2006-10-02 08:55 -------- d-----w- c:\program files\Java
2010-06-20 18:40 . 2009-03-25 01:01 -------- d-----w- c:\documents and settings\Jordan\Application Data\OpenOffice.org2
2010-06-20 09:24 . 2009-03-07 02:32 -------- d-----w- c:\documents and settings\Jordan\Application Data\LimeWire
2010-06-20 09:13 . 2009-05-24 23:03 -------- d-----w- c:\documents and settings\Ciera\Application Data\OpenOffice.org2
2010-06-11 17:11 . 2009-11-06 00:41 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-02 13:06 . 2008-06-19 02:48 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-02 13:06 . 2007-07-01 23:01 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-28 20:22 . 2010-05-28 20:22 503808 ----a-w- c:\documents and settings\Eric\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-48905b33-n\msvcp71.dll
2010-05-28 20:22 . 2010-05-28 20:22 499712 ----a-w- c:\documents and settings\Eric\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-48905b33-n\jmc.dll
2010-05-28 20:22 . 2010-05-28 20:22 348160 ----a-w- c:\documents and settings\Eric\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-48905b33-n\msvcr71.dll
2010-05-28 20:22 . 2010-05-28 20:22 61440 ----a-w- c:\documents and settings\Eric\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-65d10512-n\decora-sse.dll
2010-05-28 20:22 . 2010-05-28 20:22 12800 ----a-w- c:\documents and settings\Eric\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-65d10512-n\decora-d3d.dll
2010-05-25 01:59 . 2010-05-25 01:59 503808 ----a-w- c:\documents and settings\Ciera\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-396d1602-n\msvcp71.dll
2010-05-25 01:59 . 2010-05-25 01:59 499712 ----a-w- c:\documents and settings\Ciera\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-396d1602-n\jmc.dll
2010-05-25 01:59 . 2010-05-25 01:59 348160 ----a-w- c:\documents and settings\Ciera\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-396d1602-n\msvcr71.dll
2010-05-25 01:59 . 2010-05-25 01:59 61440 ----a-w- c:\documents and settings\Ciera\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2c812b22-n\decora-sse.dll
2010-05-25 01:59 . 2010-05-25 01:59 12800 ----a-w- c:\documents and settings\Ciera\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2c812b22-n\decora-d3d.dll
2010-05-20 05:01 . 2010-05-20 05:01 -------- d-----w- c:\program files\Common Files\Oberon Media
2010-05-20 05:01 . 2008-10-16 22:14 -------- d-----w- c:\program files\Oberon Media
2010-05-20 05:01 . 2008-10-16 22:14 -------- d-----w- c:\program files\MSN Games
2010-05-19 22:47 . 2010-05-19 22:46 -------- d-----w- c:\program files\iTunes
2010-05-19 22:46 . 2006-03-24 23:28 -------- d-----w- c:\program files\iPod
2010-05-19 22:46 . 2008-11-24 23:42 -------- d-----w- c:\program files\Common Files\Apple
2010-05-19 22:42 . 2010-05-19 22:42 -------- d-----w- c:\program files\Bonjour
2010-05-19 22:32 . 2010-05-19 22:32 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-05-19 22:07 . 2007-01-30 22:52 -------- d-----w- c:\program files\LimeWire
2010-05-06 23:39 . 2007-12-19 02:49 -------- d-----w- c:\program files\CCleaner
2010-05-06 10:41 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2004-08-04 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 19:39 . 2010-03-09 00:37 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2010-03-09 00:37 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-25 21:26 . 2007-05-20 20:42 15080 -c--a-w- c:\documents and settings\Ciera\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-25 21:21 . 2010-04-25 21:21 503808 ----a-w- c:\documents and settings\Ciera\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2adc8935-n\msvcp71.dll
2010-04-25 21:21 . 2010-04-25 21:21 499712 ----a-w- c:\documents and settings\Ciera\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2adc8935-n\jmc.dll
2010-04-25 21:21 . 2010-04-25 21:21 348160 ----a-w- c:\documents and settings\Ciera\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2adc8935-n\msvcr71.dll
2010-04-25 21:20 . 2010-04-25 21:20 12800 ----a-w- c:\documents and settings\Ciera\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-3a31f2e1-n\decora-d3d.dll
2010-04-25 21:20 . 2010-04-25 21:20 61440 ----a-w- c:\documents and settings\Ciera\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-3a31f2e1-n\decora-sse.dll
2010-04-22 02:02 . 2010-04-22 02:02 503808 ----a-w- c:\documents and settings\Jordan\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-776f0010-n\msvcp71.dll
2010-04-22 02:02 . 2010-04-22 02:02 499712 ----a-w- c:\documents and settings\Jordan\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-776f0010-n\jmc.dll
2010-04-22 02:02 . 2010-04-22 02:02 348160 ----a-w- c:\documents and settings\Jordan\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-776f0010-n\msvcr71.dll
2010-04-22 02:02 . 2010-04-22 02:02 61440 ----a-w- c:\documents and settings\Jordan\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-7b0f9f3b-n\decora-sse.dll
2010-04-22 02:02 . 2010-04-22 02:02 12800 ----a-w- c:\documents and settings\Jordan\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-7b0f9f3b-n\decora-d3d.dll
2010-04-20 05:30 . 2004-08-04 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-09 00:30 . 2010-04-09 00:30 503808 ----a-w- c:\documents and settings\Eric\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-291808b9-n\msvcp71.dll
2010-04-09 00:30 . 2010-04-09 00:30 499712 ----a-w- c:\documents and settings\Eric\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-291808b9-n\jmc.dll
2010-04-09 00:30 . 2010-04-09 00:30 348160 ----a-w- c:\documents and settings\Eric\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-291808b9-n\msvcr71.dll
2010-04-09 00:30 . 2010-04-09 00:30 61440 ----a-w- c:\documents and settings\Eric\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5250cc39-n\decora-sse.dll
2010-04-09 00:30 . 2010-04-09 00:30 12800 ----a-w- c:\documents and settings\Eric\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5250cc39-n\decora-d3d.dll
2010-04-09 00:29 . 2008-12-11 23:45 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-08 17:20 . 2010-04-08 17:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 17:20 . 2010-04-08 17:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-05 22:37 . 2009-03-24 17:48 15080 ----a-w- c:\documents and settings\Jordan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-04-19 14:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2006-03-31 36864]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-05-26 2346192]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 77824]
"ASUS Probe"="c:\program files\ASUS\Asus Probe\AsusProb.exe" [2002-12-06 617984]
"Launch Ai Booster"="c:\program files\ASUS\Ai Booster\OverClk.exe" [2005-06-16 3627520]
"D-Link AirPlus XtremeG"="c:\program files\D-Link\AirPlus XtremeG\AirPlusCFG.exe" [2004-09-22 987136]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-08-16 45056]
"WinFoxV2"="c:\windows\system32\WF2K.EXE" [2006-03-17 1486848]
"WinFast2KLoadDefault"="wf2kcpl.dll" [2006-03-17 668672]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-09 7561216]
"nwiz"="nwiz.exe" [2006-03-09 1519616]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-12-10 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 241664]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-03-09 86016]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 24576]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Jet Detection"="c:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 28672]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-02 2065248]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2007-05-15 293168]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SWHelper"="c:\windows\system32\Macromed\Shockwave 10\PostUpdate.exe" [2010-06-20 53248]

c:\documents and settings\Ciera\Start Menu\Programs\Startup\
OpenOffice.org 2.2.lnk - c:\program files\OpenOffice.org 2.2\program\quickstart.exe [2007-2-2 393216]

c:\documents and settings\Jordan\Start Menu\Programs\Startup\
OpenOffice.org 2.2.lnk - c:\program files\OpenOffice.org 2.2\program\quickstart.exe [2007-2-2 393216]

c:\documents and settings\Eric\Start Menu\Programs\Startup\
OpenOffice.org 2.2.lnk - c:\program files\OpenOffice.org 2.2\program\quickstart.exe [2007-2-2 393216]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
ActivClient Agent.lnk - c:\program files\ActivIdentity\ActivClient\acsagent.exe [2007-5-15 130864]
HotSync Manager.lnk - c:\program files\Palm\Hotsync.exe [2008-1-3 1392640]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-9-16 237568]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-3-30 196608]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2006-3-21 434176]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]
2007-05-15 21:08 112640 ----a-w- c:\windows\system32\ackpbsc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]
2007-05-15 21:08 281088 ----a-w- c:\program files\ActivIdentity\ActivClient\acunlock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-13 14:06 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprecovr \SystemRoot\sprecovr.txt

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\WinFox\\Living\\wfupdate.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Java\\jre1.5.0_05\\bin\\javaw.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/18/2008 10:48 PM 216200]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/18/2008 10:48 PM 242896]
R2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [5/15/2007 5:08 PM 182576]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [3/13/2010 10:05 AM 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/13/2010 10:06 AM 308064]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [9/2/2004 10:01 PM 396480]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/6/2009 4:32 PM 133104]
.
Contents of the 'Scheduled Tasks' folder

2010-06-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-06-28 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 15:20]

2010-06-28 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-31 04:31]

2010-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-06 20:32]

2010-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-06 20:32]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {A91DEB0D-AD0D-453E-9AC8-60178EC24212} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Eric\Application Data\Mozilla\Firefox\Profiles\803g8fgz.default\
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: general.useragent.extra.zencast -
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-06-28 16:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(800)
c:\windows\system32\ackpbsc.dll
c:\windows\system32\aclog.dll
c:\windows\system32\ACLIBEAY.dll
c:\windows\system32\acevtsub.dll
c:\windows\system32\asphat32.dll
c:\windows\system32\acerrmes.dll
c:\windows\system32\aspcom.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\acerrmrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\asphatrc.dll
c:\program files\ActivIdentity\ActivClient\acunlock.dll
c:\windows\system32\aipingui.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\aipinguirc.dll
c:\program files\ActivIdentity\ActivClient\resources\acCobAPIrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\acunlockrc.dll

- - - - - - - > 'explorer.exe'(2820)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-06-28 16:02:23
ComboFix-quarantined-files.txt 2010-06-28 20:02
ComboFix2.txt 2010-06-28 07:55

Pre-Run: 61,617,451,008 bytes free
Post-Run: 61,629,882,368 bytes free

- - End Of File - - 6B86F793D878E7747B2DB6BA8C0FA7B7


Re: Infected Computer - ComboFix Scan Results

Post by Belahzur on Tue Jun 29, 2010 5:32 pm

Hello.
That didn't work right for some reason. Did you copy my entire script inside the code box?


Please PM me if I fail to respond within 24hrs.



Re: Infected Computer - ComboFix Scan Results

Post by dizzywhizz on Wed Jun 30, 2010 3:49 am

Okay...hopefully this time I have done it correctly.

Most recent scan:

ComboFix 10-06-29.03 - Eric May 06/29/2010 23:41:52.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1431 [GMT -4:00]
Running from: c:\documents and settings\Eric May\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Eric May\Desktop\CFScript.txt.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Eric May\Local Settings\Application Data\scsfmkdxh

.
((((((((((((((((((((((((( Files Created from 2010-05-28 to 2010-06-30 )))))))))))))))))))))))))))))))
.

2010-06-28 06:44 . 2010-06-28 06:44 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-06-28 05:55 . 2010-06-28 05:55 -------- d-----w- c:\windows\system32\wbem\Repository
2010-06-28 04:04 . 2010-06-28 05:53 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-06-28 03:27 . 2010-06-28 03:27 -------- d-----w- c:\program files\Trend Micro
2010-06-25 08:49 . 2010-06-25 08:54 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-06-20 09:14 . 2010-06-20 09:14 -------- d-----w- c:\documents and settings\Ciera May\Application Data\IObit
2010-06-10 21:22 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-29 10:53 . 2008-10-16 22:14 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-29 10:53 . 2009-03-25 03:44 29 -c--a-w- c:\windows\popcinfo.dat
2010-06-29 06:59 . 2007-03-07 02:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-06-28 07:13 . 2007-07-04 01:18 -------- d-----w- c:\documents and settings\Eric May\Application Data\OpenOffice.org2
2010-06-28 06:42 . 2010-03-09 00:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-28 05:53 . 2007-06-08 00:02 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-28 04:09 . 2010-03-19 01:14 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-06-28 03:55 . 2006-10-02 08:55 -------- d-----w- c:\program files\Java
2010-06-20 18:40 . 2009-03-25 01:01 -------- d-----w- c:\documents and settings\Jordan\Application Data\OpenOffice.org2
2010-06-20 09:24 . 2009-03-07 02:32 -------- d-----w- c:\documents and settings\Jordan\Application Data\LimeWire
2010-06-20 09:13 . 2009-05-24 23:03 -------- d-----w- c:\documents and settings\Ciera May\Application Data\OpenOffice.org2
2010-06-11 17:11 . 2009-11-06 00:41 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-02 13:06 . 2008-06-19 02:48 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-02 13:06 . 2007-07-01 23:01 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-28 20:22 . 2010-05-28 20:22 503808 ----a-w- c:\documents and settings\Eric May\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-48905b33-n\msvcp71.dll
2010-05-28 20:22 . 2010-05-28 20:22 499712 ----a-w- c:\documents and settings\Eric May\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-48905b33-n\jmc.dll
2010-05-28 20:22 . 2010-05-28 20:22 348160 ----a-w- c:\documents and settings\Eric May\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-48905b33-n\msvcr71.dll
2010-05-28 20:22 . 2010-05-28 20:22 61440 ----a-w- c:\documents and settings\Eric May\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-65d10512-n\decora-sse.dll
2010-05-28 20:22 . 2010-05-28 20:22 12800 ----a-w- c:\documents and settings\Eric May\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-65d10512-n\decora-d3d.dll
2010-05-25 01:59 . 2010-05-25 01:59 503808 ----a-w- c:\documents and settings\Ciera May\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-396d1602-n\msvcp71.dll
2010-05-25 01:59 . 2010-05-25 01:59 499712 ----a-w- c:\documents and settings\Ciera May\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-396d1602-n\jmc.dll
2010-05-25 01:59 . 2010-05-25 01:59 348160 ----a-w- c:\documents and settings\Ciera May\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-396d1602-n\msvcr71.dll
2010-05-25 01:59 . 2010-05-25 01:59 61440 ----a-w- c:\documents and settings\Ciera May\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2c812b22-n\decora-sse.dll
2010-05-25 01:59 . 2010-05-25 01:59 12800 ----a-w- c:\documents and settings\Ciera May\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2c812b22-n\decora-d3d.dll
2010-05-20 05:01 . 2010-05-20 05:01 -------- d-----w- c:\program files\Common Files\Oberon Media
2010-05-20 05:01 . 2008-10-16 22:14 -------- d-----w- c:\program files\Oberon Media
2010-05-20 05:01 . 2008-10-16 22:14 -------- d-----w- c:\program files\MSN Games
2010-05-19 22:47 . 2010-05-19 22:46 -------- d-----w- c:\program files\iTunes
2010-05-19 22:46 . 2006-03-24 23:28 -------- d-----w- c:\program files\iPod
2010-05-19 22:46 . 2008-11-24 23:42 -------- d-----w- c:\program files\Common Files\Apple
2010-05-19 22:42 . 2010-05-19 22:42 -------- d-----w- c:\program files\Bonjour
2010-05-19 22:32 . 2010-05-19 22:32 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-05-19 22:07 . 2007-01-30 22:52 -------- d-----w- c:\program files\LimeWire
2010-05-06 23:39 . 2007-12-19 02:49 -------- d-----w- c:\program files\CCleaner
2010-05-06 10:41 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2004-08-04 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 19:39 . 2010-03-09 00:37 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2010-03-09 00:37 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-25 21:26 . 2007-05-20 20:42 15080 -c--a-w- c:\documents and settings\Ciera May\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-25 21:21 . 2010-04-25 21:21 503808 ----a-w- c:\documents and settings\Ciera May\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2adc8935-n\msvcp71.dll
2010-04-25 21:21 . 2010-04-25 21:21 499712 ----a-w- c:\documents and settings\Ciera May\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2adc8935-n\jmc.dll
2010-04-25 21:21 . 2010-04-25 21:21 348160 ----a-w- c:\documents and settings\Ciera May\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2adc8935-n\msvcr71.dll
2010-04-25 21:20 . 2010-04-25 21:20 12800 ----a-w- c:\documents and settings\Ciera May\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-3a31f2e1-n\decora-d3d.dll
2010-04-25 21:20 . 2010-04-25 21:20 61440 ----a-w- c:\documents and settings\Ciera May\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-3a31f2e1-n\decora-sse.dll
2010-04-22 02:02 . 2010-04-22 02:02 503808 ----a-w- c:\documents and settings\Jordan\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-776f0010-n\msvcp71.dll
2010-04-22 02:02 . 2010-04-22 02:02 499712 ----a-w- c:\documents and settings\Jordan\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-776f0010-n\jmc.dll
2010-04-22 02:02 . 2010-04-22 02:02 348160 ----a-w- c:\documents and settings\Jordan\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-776f0010-n\msvcr71.dll
2010-04-22 02:02 . 2010-04-22 02:02 61440 ----a-w- c:\documents and settings\Jordan\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-7b0f9f3b-n\decora-sse.dll
2010-04-22 02:02 . 2010-04-22 02:02 12800 ----a-w- c:\documents and settings\Jordan\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-7b0f9f3b-n\decora-d3d.dll
2010-04-20 05:30 . 2004-08-04 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-09 00:30 . 2010-04-09 00:30 503808 ----a-w- c:\documents and settings\Eric May\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-291808b9-n\msvcp71.dll
2010-04-09 00:30 . 2010-04-09 00:30 499712 ----a-w- c:\documents and settings\Eric May\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-291808b9-n\jmc.dll
2010-04-09 00:30 . 2010-04-09 00:30 348160 ----a-w- c:\documents and settings\Eric May\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-291808b9-n\msvcr71.dll
2010-04-09 00:30 . 2010-04-09 00:30 61440 ----a-w- c:\documents and settings\Eric May\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5250cc39-n\decora-sse.dll
2010-04-09 00:30 . 2010-04-09 00:30 12800 ----a-w- c:\documents and settings\Eric May\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5250cc39-n\decora-d3d.dll
2010-04-09 00:29 . 2008-12-11 23:45 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-08 17:20 . 2010-04-08 17:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 17:20 . 2010-04-08 17:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-05 22:37 . 2009-03-24 17:48 15080 ----a-w- c:\documents and settings\Jordan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-04-19 14:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2006-03-31 36864]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-05-26 2346192]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 77824]
"ASUS Probe"="c:\program files\ASUS\Asus Probe\AsusProb.exe" [2002-12-06 617984]
"Launch Ai Booster"="c:\program files\ASUS\Ai Booster\OverClk.exe" [2005-06-16 3627520]
"D-Link AirPlus XtremeG"="c:\program files\D-Link\AirPlus XtremeG\AirPlusCFG.exe" [2004-09-22 987136]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-08-16 45056]
"WinFoxV2"="c:\windows\system32\WF2K.EXE" [2006-03-17 1486848]
"WinFast2KLoadDefault"="wf2kcpl.dll" [2006-03-17 668672]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-09 7561216]
"nwiz"="nwiz.exe" [2006-03-09 1519616]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-12-10 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 241664]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-03-09 86016]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 24576]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Jet Detection"="c:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 28672]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-02 2065248]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2007-05-15 293168]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SWHelper"="c:\windows\system32\Macromed\Shockwave 10\PostUpdate.exe" [2010-06-20 53248]

c:\documents and settings\Ciera May\Start Menu\Programs\Startup\
OpenOffice.org 2.2.lnk - c:\program files\OpenOffice.org 2.2\program\quickstart.exe [2007-2-2 393216]

c:\documents and settings\Jordan\Start Menu\Programs\Startup\
OpenOffice.org 2.2.lnk - c:\program files\OpenOffice.org 2.2\program\quickstart.exe [2007-2-2 393216]

c:\documents and settings\Eric May\Start Menu\Programs\Startup\
OpenOffice.org 2.2.lnk - c:\program files\OpenOffice.org 2.2\program\quickstart.exe [2007-2-2 393216]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
ActivClient Agent.lnk - c:\program files\ActivIdentity\ActivClient\acsagent.exe [2007-5-15 130864]
HotSync Manager.lnk - c:\program files\Palm\Hotsync.exe [2008-1-3 1392640]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-9-16 237568]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-3-30 196608]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2006-3-21 434176]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]
2007-05-15 21:08 112640 ----a-w- c:\windows\system32\ackpbsc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]
2007-05-15 21:08 281088 ----a-w- c:\program files\ActivIdentity\ActivClient\acunlock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-13 14:06 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprecovr \SystemRoot\sprecovr.txt

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\WinFox\\Living\\wfupdate.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Java\\jre1.5.0_05\\bin\\javaw.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/18/2008 10:48 PM 216200]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/18/2008 10:48 PM 242896]
R2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [5/15/2007 5:08 PM 182576]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [3/13/2010 10:05 AM 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/13/2010 10:06 AM 308064]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [9/2/2004 10:01 PM 396480]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/6/2009 4:32 PM 133104]
.
Contents of the 'Scheduled Tasks' folder

2010-06-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-06-30 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 15:20]

2010-06-29 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-31 04:31]

2010-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-06 20:32]

2010-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-06 20:32]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {A91DEB0D-AD0D-453E-9AC8-60178EC24212} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Eric May\Application Data\Mozilla\Firefox\Profiles\803g8fgz.default\
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: general.useragent.extra.zencast -
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-06-29 23:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(800)
c:\windows\system32\ackpbsc.dll
c:\windows\system32\aclog.dll
c:\windows\system32\ACLIBEAY.dll
c:\windows\system32\acevtsub.dll
c:\windows\system32\asphat32.dll
c:\windows\system32\acerrmes.dll
c:\windows\system32\aspcom.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\acerrmrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\asphatrc.dll
c:\program files\ActivIdentity\ActivClient\acunlock.dll
c:\windows\system32\aipingui.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\aipinguirc.dll
c:\program files\ActivIdentity\ActivClient\resources\acCobAPIrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\acunlockrc.dll

- - - - - - - > 'explorer.exe'(1112)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-06-29 23:46:50
ComboFix-quarantined-files.txt 2010-06-30 03:46
ComboFix2.txt 2010-06-30 03:30
ComboFix3.txt 2010-06-28 20:02
ComboFix4.txt 2010-06-28 07:55

Pre-Run: 61,395,476,480 bytes free
Post-Run: 61,379,031,040 bytes free

- - End Of File - - A51F3B487DF436E865F4B34EA9CC46CD

dizzywhizz
Novice
Posts : 41
Joined : 2010-06-28
OS : Window XP
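
As an added example (not part of dizzywhizz's post, and not ComboFix code), here is a small Python triage script that reads the firewall AuthorizedApplications section in the format ComboFix prints above and flags the entries a malware-removal helper would question: script hosts such as mshta.exe, executables sitting in the drive root like c:\StubInstaller.exe, executables under temp or user-profile directories, and P2P clients. The excerpt embedded in the script is a constructed subset of the log above, and the flagging rules (SCRIPT_HOSTS, P2P_CLIENTS, the directory checks) are the example's own heuristics, not anything ComboFix or the forum helper states.

```python
"""Triage the Windows Firewall 'AuthorizedApplications' list from a ComboFix log.

Added example: not part of the forum post and not ComboFix code. The rules
below are this example's own heuristics (assumptions), not ComboFix logic.
"""
import re

# Constructed excerpt in ComboFix's registry-dump format: a key header, then
# "path"= lines with doubled backslashes. Only a subset of the real log's entries.
SAMPLE_LOG = r'''
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
'''

# Heuristics (assumptions): script hosts rarely need a firewall exception,
# P2P clients are the thread's own concern, and odd install locations are
# where droppers tend to land.
SCRIPT_HOSTS = {"mshta.exe", "wscript.exe", "cscript.exe", "rundll32.exe", "cmd.exe"}
P2P_CLIENTS = {"limewire.exe", "frostwire.exe", "utorrent.exe", "bittorrent.exe"}
ODD_DIR_FRAGMENTS = ("\\temp\\", "\\local settings\\", "\\application data\\")


def parse_authorized_apps(log_text):
    """Return the paths listed under AuthorizedApplications\\List, unescaped."""
    apps, in_section = [], False
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("["):                      # registry key header
            in_section = line.lower().endswith("authorizedapplications\\list]")
            continue
        m = re.match(r'^"(.*)"=', line) if in_section else None
        if m:
            apps.append(m.group(1).replace("\\\\", "\\"))  # undo registry escaping
    return apps


def triage(path):
    """Return the reasons a firewall exception deserves a second look ([] if none)."""
    p = path.lower().replace("%windir%", "c:\\windows")
    parent, _, name = p.rpartition("\\")
    reasons = []
    if name in SCRIPT_HOSTS:
        reasons.append("script host allowed through the firewall")
    if name in P2P_CLIENTS:
        reasons.append("P2P client")
    if re.fullmatch(r"[a-z]:", parent):
        reasons.append("executable sits in the drive root")
    if any(frag in p for frag in ODD_DIR_FRAGMENTS):
        reasons.append("executable sits in a temp or user-profile directory")
    return reasons


def flag_entries(log_text):
    """Map each questionable path to its reasons; clean entries are omitted."""
    flagged = {}
    for path in parse_authorized_apps(log_text):
        reasons = triage(path)
        if reasons:
            flagged[path] = reasons
    return flagged


if __name__ == "__main__":
    for path, reasons in flag_entries(SAMPLE_LOG).items():
        print(f"{path}\n    - " + "\n    - ".join(reasons))
```

Run against the full log above, the same rules would also pick out c:\Program Files\LimeWire\LimeWire.exe and c:\StubInstaller.exe; a flagged entry is a prompt to check the file's publisher and location, not proof of infection.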

Re: Infected Computer - ComboFix Scan Results

Post by Belahzur on Wed Jun 30, 2010 3:08 pm

Hello.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

Re: Infected Computer - ComboFix Scan Results

Post by dizzywhizz on Wed Jun 30, 2010 6:49 pm

Here is the ESET log... it says no threats found.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=8f0b76e44b3794479a21b22f4d7a5ebc
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-06-30 06:46:08
# local_time=2010-06-30 02:46:08 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777191 100 0 18308338 18308338 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=156551
# found=0
# cleaned=0
# scan_time=3680

Re: Infected Computer - ComboFix Scan Results

Post by Belahzur on Wed Jun 30, 2010 6:59 pm

How is the machine running now?


Re: Infected Computer - ComboFix Scan Results

Post by dizzywhizz on Wed Jun 30, 2010 10:40 pm

It's running fine... I think it's fixed.

Re: Infected Computer - ComboFix Scan Results

Post by Belahzur on Wed Jun 30, 2010 11:47 pm

Hello.
Very nearly, just a few things to tidy up now.

Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement; press Accept and HijackThis will run.
  • When HijackThis opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.


Re: Infected Computer - ComboFix Scan Results

Post by dizzywhizz on Thu Jul 01, 2010 3:48 am

1001 Japanese Crosswords
1001 Tangram Puzzles
2002 Games
2002 Kakuro Puzzles
2002 Space Out Games
3003 Crystal Mazes
500 Solitaire Games
ActivClient CAC 6.1 AFR
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.2
Adobe Shockwave Player
Advanced SystemCare 3
AI - Series
Ai Booster
AirPlus XtremeG
ANIO Service
ANIWZCS2 Service
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASUS Probe V2.24.10
AsusUpdate
Athlon 64 Processor Driver
AudibleManager
AVG Free 9.0
Best Games Hits 3
Big Kahuna Reef
Black & White® 2
Bonjour
Build a lot 3
Burger Island
CCleaner
Chocolatier
Chocolatier 2 Secret Ingredients
Cool & Quiet
Critical Update for Windows Media Player 11 (KB959772)
Cubis Gold 2
DB CIF Cam
Delicious - Emily`s Tea Garden
Digital Video Camera Driver
EA Download Manager
EA Download Manager UI
EA Download Manager UI
Farm Frenzy
Farm Frenzy 2
GdiplusUpgrade
Ghost Town Mysteries
Google Chrome
Google Earth
Google Toolbar for Firefox
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
Green Moon
Highlight Viewer (Windows Live Toolbar)
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Image Zone 3.5
HP PSC & OfficeJet 3.5
HP Update
Insaniquarium Deluxe
InterActual Player
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 5
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java(TM) 6 Update 19
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6
Java(TM) SE Runtime Environment 6 Update 1
LimeWire 5.5.8
Logitech Desktop Messenger
Logitech SetPoint
Malwarebytes' Anti-Malware
Map Button (Windows Live Toolbar)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.7
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft WinUsb 1.0
MicroStaff WINASPI
MobileMe Control Panel
Mozilla Firefox (3.5.7)
MSN
MSN Toolbar
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA Drivers
OpenOffice.org 2.2
overland
Palm Desktop by ACCESS
Picasa 3
PowerDVD
Puzzle and Board XP Championship
Puzzle XP Championship 3000
QuickTime
Ranch Rush
Realtek AC'97 Audio
Safari
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Smart Menus (Windows Live Toolbar)
Sound Blaster Live! Web 2K/XP
SpongeBob Diner Dash
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB969497)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
URGE
Virtual City
WebEx Support Manager for Internet Explorer
Westward 3 Gold Rush
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Imaging Component
Windows Internet Explorer 8
Windows Live installer
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Writer
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 10 Hotfix - KB895316
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinFast(R) Display Driver
WinFox Setup
Yahoo! Install Manager
Yahoo! Toolbar
Zoo Tycoon: Complete Collection
Zuma Deluxe
Zuma’s Revenge


Re: Infected Computer - ComboFix Scan Results

Post by Belahzur on Thu Jul 01, 2010 12:44 pm

Hello.

I see that you are running Limewire.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 5
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 9
    Java(TM) 6 Update 19
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Java(TM) SE Runtime Environment 6
    Java(TM) SE Runtime Environment 6 Update 1
    LimeWire 5.5.8

Updating Java:

  • Download the latest version of [You must be registered and logged in to see this link.].
  • Click the "Download JRE" button to the right.
  • In the Window that opens, select your platform, check the "agree" box, and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on jre-6u20-windows-i586.exe that you downloaded to install the newest version.

Please download [You must be registered and logged in to see this link.] and install it. It will install over version 3.5.7 you currently have installed, so you won't lose any bookmarked websites.


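
As an added example (not part of Belahzur's post, and not HijackThis code), this Python script applies the advice above to a HijackThis uninstall list: it recognises the three JRE naming schemes that appear in dizzywhizz's list, lists every runtime older than the current release for removal, flags P2P clients, and says whether the current JRE still has to be installed. The embedded list is a constructed subset of the one posted above; the "current" version (6 Update 20) is taken from the jre-6u20 installer named in the post and is an assumption that will be stale for any later reader; the P2P name list is the example's own.

```python
"""Review a HijackThis-style uninstall list for stale Java runtimes and P2P clients.

Added example: not part of the forum thread and not HijackThis code. It encodes
the helper's advice above (remove every JRE older than the current release,
remove P2P clients) as a checkable rule. The 'current' version is an assumption
taken from the jre-6u20 installer named in the post.
"""
import re

# Constructed subset of the uninstall list posted above.
SAMPLE_LIST = """\
Adobe Reader 9.3.2
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 5
Java(TM) 6 Update 19
Java(TM) 6 Update 2
Java(TM) SE Runtime Environment 6
Java(TM) SE Runtime Environment 6 Update 1
LimeWire 5.5.8
Mozilla Firefox (3.5.7)
"""

# Assumption: product-name prefixes of P2P clients worth flagging.
P2P_CLIENTS = ("limewire", "frostwire", "utorrent", "bittorrent", "kazaa", "bearshare")


def jre_version(name):
    """Return (major, update) for a JRE uninstall entry, or None if it is not one.

    Handles the three naming schemes seen in the list: 'J2SE Runtime Environment
    5.0 Update N', 'Java(TM) SE Runtime Environment 6 [Update N]' and
    'Java(TM) 6 Update N'. A missing 'Update N' counts as update 0.
    """
    m = re.match(r"^J2SE Runtime Environment (\d+)\.\d+(?: Update (\d+))?$", name)
    if not m:
        m = re.match(r"^Java\(TM\) (?:SE Runtime Environment )?(\d+)(?: Update (\d+))?$", name)
    if not m:
        return None
    return int(m.group(1)), int(m.group(2) or 0)


def is_p2p(name):
    """True if the entry's product name starts with a known P2P client name."""
    return name.lower().startswith(P2P_CLIENTS)


def review(listing, current=(6, 20)):
    """Split the list into keep/remove and say whether a current JRE must be installed."""
    entries = [line.strip() for line in listing.splitlines() if line.strip()]
    keep, remove, have_current = [], [], False
    for entry in entries:
        version = jre_version(entry)
        if version is not None and version < current:
            remove.append(entry)       # older JRE with known vulnerabilities: remove
        elif version is not None:
            have_current = True
            keep.append(entry)
        elif is_p2p(entry):
            remove.append(entry)       # P2P client, per the helper's advice
        else:
            keep.append(entry)
    return {"keep": keep, "remove": remove, "install_jre": not have_current}


if __name__ == "__main__":
    result = review(SAMPLE_LIST)
    print("Remove:\n  " + "\n  ".join(result["remove"]))
    print("Install current JRE:", result["install_jre"])
```

On the constructed list the script lists all six Java entries plus LimeWire for removal and reports that a current JRE still needs to be installed, which matches the removal list and the Java update step in the post above.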
