Combofix - Ad problems (Solved)

Post by Nazar on Mon Dec 01, 2008 4:05 am

ComboFix 08-11-30.01 - yuriy 2008-11-30 22:57:55.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1033.18.564 [GMT -5:00]
Running from: c:\documents and settings\yuriy\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\resycled
c:\windows\system32\drivers\fad.sys
F:\Autorun.inf
F:\resycled

.
((((((((((((((((((((((((( Files Created from 2008-11-01 to 2008-12-01 )))))))))))))))))))))))))))))))
.

2008-11-29 14:58 . 2008-11-29 14:58 d-------- c:\program files\Java
2008-11-29 14:58 . 2008-11-29 14:58 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-29 14:58 . 2008-11-29 14:58 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-11-27 18:12 . 2008-11-27 20:46 d-------- c:\documents and settings\yuriy\Application Data\DMCache
2008-11-26 14:50 . 2008-11-26 14:50 796,672 --a------ c:\windows\GPInstall.exe
2008-11-25 18:07 . 2008-11-25 18:07 d-------- c:\program files\MSXML 4.0
2008-11-21 19:22 . 2008-11-21 19:22 d--h----- c:\windows\PIF
2008-11-21 10:49 . 2008-11-21 10:49 d-------- c:\documents and settings\yuriy\LocalLow
2008-11-21 10:49 . 2008-11-21 10:49 d-------- c:\documents and settings\All Users\Application Data\TVU Networks
2008-11-17 15:04 . 2008-11-17 15:04 2,306,113 --a------ c:\windows\system32\GPhotos.scr
2008-11-11 21:14 . 2008-11-11 21:15 d-------- c:\program files\TI Education
2008-11-11 21:14 . 2008-11-11 21:14 d-------- c:\program files\Common Files\TI Shared
2008-11-11 21:13 . 2008-11-11 21:13 d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-07 23:07 . 2008-11-07 23:07 d-------- c:\documents and settings\yuriy\Application Data\Apple Computer
2008-11-07 23:06 . 2008-11-07 23:06 d-------- c:\program files\Apple Software Update
2008-11-07 23:06 . 2008-11-07 23:06 d-------- c:\documents and settings\All Users\Application Data\Apple
2008-11-07 23:02 . 2008-11-07 23:05 d-------- c:\documents and settings\yuriy\Application Data\Flock
2008-11-07 23:01 . 2008-11-07 23:05 d-------- c:\program files\Flock
2008-11-03 19:12 . 2008-11-03 19:12 d-------- c:\program files\Microsoft Silverlight

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-01 02:20 --------- d-----w c:\documents and settings\yuriy\Application Data\Move Networks
2008-11-27 04:30 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-11-21 04:03 --------- d-----w c:\program files\Common Files\Adobe
2008-11-14 23:00 --------- d-----w c:\documents and settings\yuriy\Application Data\MSN6
2008-11-10 00:57 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-07 02:29 --------- d-----w c:\documents and settings\yuriy\Application Data\gtk-2.0
2008-11-01 15:53 --------- d-----w c:\documents and settings\yuriy\Application Data\Share-to-Web Upload Folder
2008-10-19 03:18 --------- d-----w c:\documents and settings\yuriy\Application Data\CyberLink
2008-10-19 03:18 --------- d-----w c:\documents and settings\All Users\Application Data\CyberLink
2008-10-16 22:45 --------- d--h--w c:\documents and settings\yuriy\Application Data\GTek
2008-10-16 22:45 --------- d-----w c:\program files\Linksys EasyLink Advisor
2008-10-16 22:43 --------- d--ha-w c:\documents and settings\All Users\Application Data\Gtek
2008-10-16 01:19 --------- d-----w c:\program files\Google
2008-10-12 15:15 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-10-11 15:11 --------- d-----w c:\program files\ReadIris
2008-10-11 15:10 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-11 15:04 --------- d-----w c:\program files\Common Files\Hewlett-Packard
2008-10-11 15:02 --------- d-----w c:\program files\Hewlett-Packard
2008-10-10 00:54 805 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2008-10-10 00:54 60,800 ----a-w c:\windows\system32\S32EVNT1.DLL
2008-10-10 00:54 123,952 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2008-10-10 00:54 10,671 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2008-10-10 00:54 --------- d-----w c:\program files\Symantec
2008-10-10 00:45 --------- d-----w c:\program files\Norton AntiVirus
2008-10-10 00:41 --------- d-----w c:\program files\Windows Sidebar
2008-10-10 00:03 --------- d-----w c:\program files\NOS
2008-10-10 00:03 --------- d-----w c:\documents and settings\All Users\Application Data\NOS
2008-10-10 00:00 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-10-09 21:51 --------- d-----w c:\program files\Common Files\Ahead
2008-10-09 21:51 --------- d-----w c:\documents and settings\yuriy\Application Data\Ahead
2008-10-09 21:49 --------- d-----w c:\program files\Nero
2008-10-09 21:49 --------- d-----w c:\documents and settings\All Users\Application Data\Nero
2008-10-09 21:45 --------- d-----w c:\program files\CyberLink
2008-10-09 20:33 --------- d-----w c:\program files\MSBuild
2008-10-09 20:33 --------- d-----w c:\program files\Microsoft Works
2008-10-09 20:32 --------- d-----w c:\program files\Microsoft.NET
2008-10-09 02:28 --------- d-----w c:\program files\Windows Media Connect 2
2008-10-09 01:32 --------- d-----w c:\program files\Analog Devices
2008-10-09 00:58 98,304 ----a-w c:\windows\DUMP2b46.tmp
2008-10-08 21:44 --------- d-----w c:\program files\Broadcom
2008-10-08 21:43 --------- d-----w c:\program files\Common Files\InstallShield
2008-10-08 20:36 --------- d-----w c:\program files\Wireless LAN Utility
2008-10-08 02:54 --------- d-----w c:\documents and settings\All Users\Application Data\MSN6
2008-10-08 02:49 --------- d-----w c:\program files\TP-LINK
2008-10-08 01:52 --------- d-----w c:\program files\SiS163u
2008-10-07 22:41 --------- d-----w c:\program files\microsoft frontpage
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"NvMediaCenter"="c:\windows\system32\NVMCTRAY.DLL" [2003-10-06 49152]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-27 68856]
"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 454784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-06 5058560]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-29 136600]

c:\documents and settings\yuriy\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
hp psc 2000 Series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2002-06-11 323646]
officejet 6100.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [2002-06-11 147456]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\yuriy\\Application Data\\Macromedia\\Flash Player\\[You must be registered and logged in to see this link.]

R2 LiveUpdate Notice;LiveUpdate Notice;"c:\program files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [2008-01-25 149352]
S3 COH_Mon;COH_Mon;\??\c:\windows\system32\Drivers\COH_Mon.sys [2008-01-12 23888]
S4 hpt3xx;hpt3xx; []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17d387b8-9bd4-11dd-a588-0007e9cdb24c}]
\Shell\AutoRun\command - H:\LinksysConnectPC.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ccdfc940-94c1-11dd-a565-d7bc5c6f8624}]
\Shell\AutoRun\command - F:\LinksysConnectPC.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ee124d6c-a526-11dd-a58f-0007e9cdb24c}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com h:
\Shell\Open\command - h:\resycled\boot.com h:

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-11-11 c:\windows\Tasks\FRU Task #Hewlett-Packard#hp psc 2200 series#1223737892.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2002-06-11 09:56]

2008-11-30 c:\windows\Tasks\FRU Task #Hewlett-Packard#hp psc 2200 series#1225394927.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2002-06-11 09:56]

2008-11-08 c:\windows\Tasks\FRU Task #Hewlett-Packard#hp psc 2200 series#1226149372.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2002-06-11 09:56]

2008-11-25 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - yuriy.job
- c:\program files\Norton AntiVirus\Navw32.exe [2008-02-07 09:05]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\yuriy\Application Data\Mozilla\Firefox\Profiles\p73k56ks.default\
FF -: plugin - c:\documents and settings\yuriy\Application Data\Mozilla\Firefox\Profiles\p73k56ks.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF -: plugin - c:\documents and settings\yuriy\Application Data\Mozilla\Firefox\Profiles\p73k56ks.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF -: plugin - c:\program files\Google\Picasa3\npPicasa3.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - f:\nazar's stuff\Firefox\plugins\npnul32.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2008-11-30 23:00:14
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-11-30 23:01:42
ComboFix-quarantined-files.txt 2008-12-01 04:01:09

Pre-Run: 109,689,479,168 bytes free
Post-Run: 109,773,312,000 bytes free

172 --- E O F --- 2008-10-24 07:00:32



Post by Belahzur on Mon Dec 01, 2008 11:56 am

Log looks clean.
Execute this.


  • Now open a new notepad file.
  • Input this into the notepad file:

    Windows Registry Editor Version 5.00

    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ee124d6c-a526-11dd-a58f-0007e9cdb24c}]

  • Save this as fix.reg, save it to your desktop.
  • Double click fix.reg to run it.
  • Select yes to the registry merge prompt.


What problems remain?




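The reply above deletes the MountPoints2 key whose AutoRun command launches resycled\boot.com from the removable drive. As an added example (not from this thread, ComboFix or GeekPolice), the Python script below parses the MountPoints2 block of a ComboFix log, flags entries carrying the indicators visible in this log, and emits the same kind of fix.reg removal file the reply asks for; the sample log text is constructed from the lines above and the indicator list is an assumption.

```python
"""Flag suspicious drive-autorun entries in a ComboFix log (added example)."""
import re

# Constructed sample: two MountPoints2 keys as ComboFix prints them.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17d387b8-9bd4-11dd-a588-0007e9cdb24c}]
\Shell\AutoRun\command - H:\LinksysConnectPC.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ee124d6c-a526-11dd-a58f-0007e9cdb24c}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com h:
\Shell\Open\command - h:\resycled\boot.com h:
"""

KEY_RE = re.compile(
    r"^\[(HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion"
    r"\\explorer\\mountpoints2\\\{[0-9a-f-]+\})\]$", re.I)
CMD_RE = re.compile(r"^\\Shell\\(\w+)\\command - (.*)$", re.I)

# Assumed indicators, taken from this log: a "resycled" folder (look-alike of
# "recycled"), a .com payload, and rundll32 used to launch it from the drive.
SUSPICIOUS = ("resycled", "boot.com", "shellexec_rundll")


def parse_mountpoints(text):
    """Return {key: [(verb, command), ...]} for every MountPoints2 key."""
    entries, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if m := KEY_RE.match(line):
            current = m.group(1)
            entries[current] = []
        elif current and (m := CMD_RE.match(line)):
            entries[current].append((m.group(1), m.group(2)))
    return entries


def suspicious_keys(entries):
    """Keys whose AutoRun/Open commands contain any indicator."""
    return sorted(k for k, cmds in entries.items()
                  if any(ind in cmd.lower() for _, cmd in cmds for ind in SUSPICIOUS))


def reg_removal_file(keys):
    """Build a fix.reg like the reply's: a [-KEY] line deletes that key."""
    lines = ["Windows Registry Editor Version 5.00", ""]
    for k in keys:
        lines += [f"[-{k}]", ""]
    return "\r\n".join(lines)


if __name__ == "__main__":
    print(reg_removal_file(suspicious_keys(parse_mountpoints(SAMPLE_LOG))))
```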


Post by Nazar on Tue Dec 02, 2008 11:42 pm

You're the man! Thanks for all your help, the ads are gone; I restarted my PC and it's gone.

But... when I try to add the fix.reg, it says it cannot put it in the registry.
Is it required I do this?

*Nazar



Post by Belahzur on Tue Dec 02, 2008 11:45 pm

Did you include Windows Registry Editor Version 5.00 on the top line of Notepad?
If not, that's probably why.






Post by Doctor Inferno on Wed Dec 17, 2008 1:54 pm

Since this issue is resolved, this topic is closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.


