ComboFix 09-07-14.08 - HP USER 07/16/2009 21:13.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.111 [GMT 5.5:30]
Running from: d:\music\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
C:\cfhbjd.exe
c:\documents and settings\Administrator\Cookies\Cookies.exe
c:\documents and settings\Administrator\Favorites\Favorites.exe
c:\documents and settings\Administrator\Local Settings\Application Data\Application Data.exe
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\Temporary Internet Files.exe
c:\documents and settings\Administrator\Start Menu\Programs\Startup\Startup.exe
c:\documents and settings\All Users\Application Data\Microsoft\Dr Watson\Dr Watson.exe
c:\documents and settings\All Users\Favorites\Favorites.exe
c:\documents and settings\All Users\Favorites\Yahoo!\Yahoo!.exe
c:\documents and settings\All Users\Start Menu\Programs\Startup\Startup.exe
c:\documents and settings\Default User\Cookies\Cookies.exe
c:\documents and settings\Default User\Favorites\Favorites.exe
c:\documents and settings\Default User\Local Settings\Application Data\Application Data.exe
c:\documents and settings\Default User\Local Settings\Temporary Internet Files\Temporary Internet Files.exe
c:\documents and settings\Default User\Start Menu\Programs\Startup\Startup.exe
c:\documents and settings\HP USER\autorun.inf
c:\documents and settings\HP USER\Cookies\Cookies.exe
c:\documents and settings\HP USER\Favorites\Favorites.exe
c:\documents and settings\HP USER\Favorites\Links\Links.exe
c:\documents and settings\HP USER\Favorites\Microsoft Web Sites\Microsoft Web Sites.exe
c:\documents and settings\HP USER\Favorites\Microsoft Websites\Microsoft Websites.exe
c:\documents and settings\HP USER\Favorites\Yahoo!\Communication\Communication.exe
c:\documents and settings\HP USER\Favorites\Yahoo!\Community\Community.exe
c:\documents and settings\HP USER\Favorites\Yahoo!\Entertainment\Entertainment.exe
c:\documents and settings\HP USER\Favorites\Yahoo!\Home & Living\Home & Living.exe
c:\documents and settings\HP USER\Favorites\Yahoo!\Information Management\Information Management.exe
c:\documents and settings\HP USER\Favorites\Yahoo!\News\News.exe
c:\documents and settings\HP USER\Favorites\Yahoo!\Personal Finance\Personal Finance.exe
c:\documents and settings\HP USER\Favorites\Yahoo!\Personal Publishing\Personal Publishing.exe
c:\documents and settings\HP USER\Favorites\Yahoo!\Shopping\Shopping.exe
c:\documents and settings\HP USER\Favorites\Yahoo!\Sports & Outdoors\Sports & Outdoors.exe
c:\documents and settings\HP USER\Favorites\Yahoo!\Tools for Business\Tools for Business.exe
c:\documents and settings\HP USER\Favorites\Yahoo!\Travel & Transportation\Travel & Transportation.exe
c:\documents and settings\HP USER\Favorites\Yahoo!\Yahoo!.exe
c:\documents and settings\HP USER\HP USER.exe
c:\documents and settings\HP USER\Local Settings\Application Data\Application Data.exe
c:\documents and settings\HP USER\Local Settings\Temporary Internet Files\Temporary Internet Files.exe
c:\documents and settings\HP USER\Start Menu\Programs\Startup\Startup.exe
c:\documents and settings\LocalService\Cookies\Cookies.exe
c:\documents and settings\LocalService\Local Settings\Application Data\Application Data.exe
c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\Temporary Internet Files.exe
c:\documents and settings\NetworkService\Cookies\Cookies.exe
c:\documents and settings\NetworkService\Local Settings\Application Data\Application Data.exe
c:\documents and settings\NetworkService\Local Settings\Temporary Internet Files\Temporary Internet Files.exe
C:\hhtiscb.exe
C:\kfidrvvl.exe
C:\new folder.exe
c:\program files\INSTALL.LOG
C:\rocdcur.exe
C:\rqsjxpn.exe
C:\uneaymfn.exe
C:\upupnr.exe
c:\windows\ssvichosst.exe
c:\windows\system32\autorun.ini
c:\windows\system32\setting.ini
c:\windows\system32\ssvichosst.exe
c:\windows\windows.exe
C:\xlxvkidl.exe
D:\autorun.inf
.
((((((((((((((((((((((((( Files Created from 2009-06-16 to 2009-07-16 )))))))))))))))))))))))))))))))
.
2009-07-16 15:38 . 2008-12-11 10:03 2043904 ----a-w- c:\documents and settings\New Folder.exe
2009-07-16 15:38 . 2008-12-11 10:03 2043904 ----a-w- c:\program files\Program Files.exe
2009-07-16 15:34 . 2008-12-11 10:03 2043904 ----a-w- c:\documents and settings\HP USER\Application Data\Yahoo!\SearchProtection\SearchProtection.exe
2009-07-16 14:41 . 2008-12-11 10:03 2043904 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qvkmrdr1.default\profile.exe
2009-07-16 14:41 . 2008-12-11 10:03 2043904 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qvkmrdr1.default\chrome\chrome.exe
2009-07-16 14:41 . 2009-07-16 14:44 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-07-16 14:32 . 2009-07-16 14:44 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-07-16 14:31 . 2008-12-11 10:03 2043904 ----a-w- c:\documents and settings\Administrator\Application Data\Application Data.exe
2009-07-16 14:31 . 2008-12-11 10:03 2043904 ----a-w- c:\documents and settings\Administrator\Application Data\Microsoft\Internet Explorer\Internet Explorer.exe
2009-07-16 14:31 . 2008-12-11 10:03 2043904 ----a-w- c:\documents and settings\Administrator\Application Data\Microsoft\Microsoft.exe
2009-07-16 14:31 . 2008-12-11 10:03 2043904 ----a-w- c:\documents and settings\Administrator\Application Data\Microsoft\Media Player\Media Player.exe
2009-07-16 14:31 . 2008-12-11 10:03 2043904 ----a-w- c:\documents and settings\Administrator\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates.exe
2009-07-16 14:31 . 2008-12-11 10:03 2043904 ----a-w- c:\documents and settings\Administrator\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs.exe
2009-07-16 14:31 . 2008-12-11 10:03 2043904 ----a-w- c:\documents and settings\Administrator\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs.exe
2009-07-16 14:31 . 2008-12-11 10:03 2043904 ----a-w- c:\documents and settings\Administrator\Application Data\Microsoft\SystemCertificates\SystemCertificates.exe
2009-07-16 14:31 . 2008-12-11 10:03 2043904 ----a-w- c:\documents and settings\Administrator\Application Data\Microsoft\SystemCertificates\My\My.exe
2009-07-16 14:31 . 2008-12-11 10:03 2043904 ----a-w- c:\documents and settings\Administrator\Default User.exe
2009-07-16 14:28 . 2009-07-16 14:44 -------- d-----w- c:\documents and settings\admin
2009-07-16 14:24 . 2008-12-11 10:03 2043904 --sha-r- c:\documents and settings\HP USER\SSVICHOSST.exe
2009-07-16 14:24 . 2008-12-11 10:03 2043904 ----a-w- c:\documents and settings\HP USER\New Folder.exe
2009-07-16 14:19 . 2008-12-11 10:03 2043904 ----a-w- c:\documents and settings\All Users\Application Data\ESET\ESET Smart Security\Updfiles\oldfiles\oldfiles.exe
2009-07-16 11:43 . 2008-12-11 10:03 2043904 --sha-r- c:\documents and settings\SSVICHOSST.exe
2009-07-16 11:21 . 2008-12-11 10:03 2043904 ----a-w- c:\documents and settings\All Users\Application Data\ESET\ESET.exe
2009-07-16 11:21 . 2008-12-11 10:03 2043904 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Updater5\Updater5.exe
2009-07-16 11:21 . 2008-12-11 10:03 2043904 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\ALM\ALM.exe
2009-07-16 11:21 . 2008-12-11 10:03 2043904 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Acrobat\7.0\Replicate\Security\Security.exe
2009-07-16 11:21 . 2008-12-11 10:03 2043904 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Acrobat\7.0\Replicate\Replicate.exe
2009-07-16 11:21 . 2008-12-11 10:03 2043904 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Acrobat\7.0\7.0.exe
2009-07-16 11:21 . 2008-12-11 10:03 2043904 ----a-w- c:\documents and settings\All Users\Application Data\Application Data.exe
2009-07-16 11:21 . 2008-12-11 10:03 2043904 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Adobe.exe
2009-07-16 11:21 . 2008-12-11 10:03 2043904 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Acrobat\Acrobat.exe
2009-07-16 11:21 . 2008-12-11 10:03 2043904 ----a-w- c:\documents and settings\All Users\All Users.exe
2009-07-16 10:22 . 2009-07-16 12:26 -------- d--h--w- c:\windows\system32\GroupPolicy
2009-07-16 09:23 . 2008-12-11 10:03 2043904 ----a-w- c:\program files\Common Files\Common Files.exe
2009-07-16 08:53 . 2008-12-11 10:03 2043904 ----a-w- c:\documents and settings\HP USER\Application Data\Yahoo! Messenger\vinod.sagitta\vinod.sagitta.exe
2009-07-16 08:52 . 2008-12-11 10:03 2043904 ----a-w- c:\documents and settings\HP USER\Application Data\Skype\vinodverma\vinodverma.exe
2009-07-16 08:51 . 2008-12-11 10:03 2043904 ----a-w- c:\documents and settings\HP USER\Application Data\Mozilla\Mozilla.exe
2009-07-16 08:50 . 2008-12-11 10:03 2043904 ----a-w- c:\documents and settings\HP USER\Application Data\Macromedia\Flash Player\#SharedObjects\MJMRBAFR\www.redtube.com\_playerx\flash\client_players\redtube\xmoov-flv-player3.swf\xmoov-flv-player3.swf.exe
2009-07-16 08:49 . 2008-12-11 10:03 2043904 ----a-w- c:\documents and settings\HP USER\Application Data\Identities\Identities.exe
2009-07-16 08:48 . 2008-12-11 10:03 2043904 ----a-w- c:\documents and settings\Default User\Application Data\Microsoft\SystemCertificates\SystemCertificates.exe
2009-07-16 08:47 . 2008-12-11 10:03 2043904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Media Player\Media Player.exe
2009-07-14 10:31 . 2009-07-15 09:43 -------- d-sh--w- c:\windows\system32\SysInfoServ
2009-07-14 10:31 . 2009-07-16 12:26 -------- d-sh--w- c:\windows\system32\Hexadecimal
2009-07-02 07:32 . 2009-07-16 09:00 -------- d-sh--w- c:\documents and settings\HP USER\PrivacIE
2009-07-02 07:30 . 2009-07-16 08:54 -------- d-sh--w- c:\documents and settings\HP USER\IETldCache
2009-07-02 07:27 . 2009-07-02 07:27 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-02 07:25 . 2009-07-02 07:25 152576 ----a-w- c:\documents and settings\HP USER\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-07-02 07:22 . 2009-06-02 10:12 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-07-02 07:22 . 2009-07-16 13:31 -------- d-----w- c:\windows\ie8updates
2009-07-02 07:20 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-07-02 07:20 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-07-02 07:18 . 2009-07-16 13:30 -------- dc-h--w- c:\windows\ie8
2009-06-23 06:35 . 1997-06-19 20:30 30208 ----a-w- c:\windows\REGET.EXE
2009-06-23 06:35 . 1997-03-18 19:30 260 ----a-w- c:\windows\INFRABAK.BAT
2009-06-23 06:34 . 1996-11-05 10:43 299008 ----a-w- c:\windows\uninst.exe
2009-06-18 03:59 . 2009-06-18 03:59 390664 ----a-w- c:\documents and settings\HP USER\Application Data\Real\RealPlayer\Update\realplayer11gold.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-16 15:24 . 2005-12-30 10:40 -------- d-----w- c:\program files\Yahoo!
2009-07-16 15:23 . 2005-12-24 02:01 -------- d-----w- c:\program files\WIDCOMM
2009-07-16 15:23 . 2006-04-04 15:52 -------- d-----w- c:\program files\The Times Testing Series
2009-07-16 15:23 . 2005-12-24 02:05 -------- d-----w- c:\program files\Synaptics
2009-07-16 15:23 . 2007-02-17 10:15 -------- d-----w- c:\program files\Symantec
2009-07-16 15:23 . 2007-12-04 05:35 -------- d-----w- c:\program files\SonicWallES
2009-07-16 15:23 . 2006-02-18 08:18 -------- d-----w- c:\program files\Sony Corporation
2009-07-16 15:22 . 2007-06-04 09:31 -------- d-----w- c:\program files\SmarThru 4
2009-07-16 15:22 . 2006-09-04 07:12 -------- d-----w- c:\program files\Skype
2009-07-16 15:22 . 2007-06-04 09:28 -------- d-----w- c:\program files\Samsung
2009-07-16 14:50 . 2008-06-29 05:47 -------- d-----w- c:\program files\ESET
2009-07-16 11:51 . 2006-06-21 06:18 -------- d-----w- c:\program files\Real
2009-07-16 11:48 . 2007-02-03 06:06 -------- d-----w- c:\program files\QuickTime
2009-07-16 11:48 . 2006-02-18 08:20 -------- d-----w- c:\program files\PIXELA
2009-07-16 11:48 . 2007-06-08 04:04 -------- d-----w- c:\program files\MSXML 4.0
2009-07-16 11:48 . 2005-12-23 23:15 -------- d-----w- c:\program files\MsnMusic
2009-07-16 11:47 . 2008-08-28 07:50 -------- d-----w- c:\program files\MSECache
2009-07-16 11:47 . 2009-01-15 15:09 -------- d-----w- c:\program files\MPlayer for Windows
2009-07-16 11:46 . 2005-12-23 22:52 -------- d-----w- c:\program files\Microsoft.NET
2009-07-16 11:46 . 2005-12-23 22:51 -------- d-----w- c:\program files\Microsoft Works
2009-07-16 11:44 . 2005-12-24 01:50 -------- d-----w- c:\program files\microsoft frontpage
2009-07-16 11:44 . 2005-12-23 22:52 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-07-16 11:44 . 2008-06-29 06:35 -------- d-----w- c:\program files\Marsu-Fix
2009-07-16 11:44 . 2008-04-27 06:28 -------- d-----w- c:\program files\Kaspersky Lab
2009-07-16 11:43 . 2005-12-24 02:14 -------- d-----w- c:\program files\Java
2009-07-16 11:42 . 2007-02-03 06:17 -------- d-----w- c:\program files\iPod
2009-07-16 11:41 . 2005-12-24 02:16 -------- d-----w- c:\program files\InterVideo
2009-07-16 11:41 . 2005-12-24 02:18 -------- d-----w- c:\program files\Intel
2009-07-16 11:41 . 2005-12-24 02:00 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-16 11:41 . 2005-12-24 02:02 -------- d-----w- c:\program files\HPQ
2009-07-16 11:41 . 2005-12-24 02:11 -------- d-----w- c:\program files\HP Accessories Product Tour
2009-07-16 11:41 . 2008-04-01 06:23 -------- d-----w- c:\program files\HP
2009-07-16 11:38 . 2007-11-23 04:30 -------- d-----w- c:\program files\Hewlett-Packard
2009-07-16 11:38 . 2008-06-29 10:17 -------- d-----w- c:\program files\GPLGS
2009-07-16 11:36 . 2005-12-30 11:37 -------- d-----w- c:\program files\Google
2009-07-16 11:36 . 2008-04-05 09:44 -------- d-----w- c:\program files\Free MP3 CD Ripper
2009-07-16 11:36 . 2008-02-09 05:08 -------- d-----w- c:\program files\eMusic Download Manager
2009-07-16 11:36 . 2009-03-21 14:09 -------- d-----w- c:\program files\Common Files\xing shared
2009-07-16 11:36 . 2005-12-23 20:14 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-16 11:35 . 2006-06-21 06:18 -------- d-----w- c:\program files\Common Files\Real
2009-07-16 11:35 . 2006-02-18 10:59 -------- d-----w- c:\program files\Common Files\muvee Technologies
2009-07-16 11:34 . 2005-12-23 22:52 -------- d-----w- c:\program files\Common Files\L&H
2009-07-16 11:34 . 2005-12-24 02:14 -------- d-----w- c:\program files\Common Files\Java
2009-07-16 11:31 . 2008-06-29 10:15 -------- d-----w- c:\program files\Acro Software
2009-07-16 11:21 . 2008-05-25 14:47 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-07-16 09:24 . 2005-12-24 01:59 -------- d-----w- c:\program files\Common Files\InstallShield
2009-07-16 09:23 . 2007-11-23 04:33 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-07-16 09:23 . 2008-04-05 08:06 -------- d-----w- c:\program files\Common Files\COWON
2009-07-16 09:23 . 2007-10-22 14:48 -------- d-----w- c:\program files\Common Files\Borland Shared
2009-07-16 09:23 . 2005-12-30 10:45 -------- d-----w- c:\program files\Common Files\Ahead
2009-07-16 09:23 . 2005-12-23 23:16 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-16 09:23 . 2005-12-24 02:01 -------- d-----w- c:\program files\Broadcom
2009-07-16 09:23 . 2008-04-06 06:08 -------- d-----w- c:\program files\BitComet
2009-07-16 09:23 . 2005-12-24 02:00 -------- d-----w- c:\program files\Analog Devices
2009-07-16 09:22 . 2005-12-30 10:45 -------- d-----w- c:\program files\Ahead
2009-07-16 09:01 . 2008-04-05 10:47 -------- d-----w- c:\program files\Admiresoft
2009-07-16 08:53 . 2005-12-30 10:42 -------- d-----w- c:\documents and settings\HP USER\Application Data\Yahoo! Messenger
2009-07-16 08:53 . 2006-07-04 11:52 -------- d-----w- c:\documents and settings\HP USER\Application Data\Yahoo!
2009-07-16 08:53 . 2006-08-06 08:30 -------- d-----w- c:\documents and settings\HP USER\Application Data\vlc
2009-07-16 08:53 . 2008-04-07 13:35 -------- d-----w- c:\documents and settings\HP USER\Application Data\uTorrent
2009-07-16 08:53 . 2008-08-02 14:18 -------- d-----w- c:\documents and settings\HP USER\Application Data\U3
2009-07-16 08:53 . 2008-12-15 07:04 -------- d-----w- c:\documents and settings\HP USER\Application Data\Talkback
2009-07-16 08:53 . 2005-12-23 20:14 -------- d-----w- c:\documents and settings\HP USER\Application Data\Symantec
2009-07-16 08:53 . 2005-12-24 02:13 -------- d-----w- c:\documents and settings\HP USER\Application Data\Sonic
2009-07-16 08:53 . 2007-06-04 09:33 -------- d-----w- c:\documents and settings\HP USER\Application Data\SmarThru4
2009-07-16 08:52 . 2006-09-04 07:12 -------- d-----w- c:\documents and settings\HP USER\Application Data\Skype
2009-07-16 08:50 . 2005-12-24 12:32 -------- d-----w- c:\documents and settings\HP USER\Application Data\Leadertech
2009-07-16 08:50 . 2005-12-30 11:38 -------- d-----w- c:\documents and settings\HP USER\Application Data\InterVideo
2009-07-16 08:49 . 2007-11-23 04:37 -------- d-----w- c:\documents and settings\HP USER\Application Data\Hewlett-Packard
2009-07-16 08:49 . 2008-05-25 14:48 -------- d-----w- c:\documents and settings\HP USER\Application Data\ESET
2009-07-16 08:49 . 2008-04-05 08:55 -------- d-----w- c:\documents and settings\HP USER\Application Data\COWON
2009-07-16 08:49 . 2007-02-03 06:17 -------- d-----w- c:\documents and settings\HP USER\Application Data\Apple Computer
2009-07-16 08:49 . 2006-04-09 14:38 -------- d-----w- c:\documents and settings\HP USER\Application Data\AdobeUM
2009-07-16 08:49 . 2006-02-19 08:54 -------- d-----w- c:\documents and settings\HP USER\Application Data\Ahead
2009-07-16 08:48 . 2006-07-04 11:51 -------- d-----w- c:\documents and settings\All Users\Application Data\yahoo!
2009-07-16 08:48 . 2005-12-23 20:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-07-16 08:47 . 2007-12-04 04:21 -------- d-----w- c:\documents and settings\All Users\Application Data\MailFrontier
2009-07-16 08:47 . 2008-04-27 06:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-07-16 08:47 . 2005-12-24 02:20 -------- d-----w- c:\documents and settings\All Users\Application Data\hpqwmi
2009-07-16 08:47 . 2009-04-01 05:15 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-07-16 08:47 . 2007-02-03 06:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-07-16 08:47 . 2005-12-30 10:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Ahead
2009-06-16 14:36 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-03 19:09 . 2004-08-04 12:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-16 07:46 . 2006-07-25 07:18 2071 ----a-w- c:\windows\panose.bin
2009-05-14 08:15 . 2005-12-23 22:09 88312 ----a-w- c:\documents and settings\HP USER\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-13 05:15 . 2004-08-04 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:32 . 2004-08-04 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
1999-06-25 05:25 . 2007-09-04 08:47 149504 ----a-w- c:\program files\UNWISE.EXE
2009-04-05 03:02 . 2009-03-22 04:25 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-10-24 307200]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-25 39408]
"Microsoft Groove"="c:\windows\system32\SysInfoServ\Groove.exe" [2009-04-11 91648]
"System Information Services"="c:\windows\system32\SysInfoServ\SysInfoServ.exe" [2009-04-11 64000]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-25 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-25 77824]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 688218]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-09-07 213054]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-11-01 290816]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-02 148888]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2004-11-12 790528]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2004-10-26 184320]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-25 114688]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-03 282624]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-10-30 256576]
"WHITNEY_S2P"="c:\program files\Samsung\Samsung SCX-4x21 Series\PSU\Scan2pc.exe" [2006-03-27 229376]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-06-10 1447168]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-21 198160]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2005-04-13 88209]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2005-12-24 184320]
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2002-12-2 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2002-12-2 40960]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\English\\setup.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17760:TCP"= 17760:TCP:BitComet 17760 TCP
"17760:UDP"= 17760:UDP:BitComet 17760 UDP
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [6/10/2008 6:53 PM 468224]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [5/3/2004 7:56 PM 80384]
S2 .EsetTrialReset;Eset Trial Reset;c:\windows\system32\regedt32.exe [8/4/2004 5:30 PM 3584]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [8/4/2004 5:30 PM 3584]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-eSnips - c:\program files\eSnips\ClientGW.exe
HKLM-Run-ClientGW - (no file)
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://rnd009.googlepages.com/google.html
mStart Page = hxxp://rnd009.googlepages.com/google.html
uInternet Settings,ProxyServer = 10.101.22.49:3128
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
TCP: {0842A06C-1553-4BFF-BD59-1D3579740C48} = 202.56.215.6,202.56.215.55
FF - ProfilePath - c:\documents and settings\HP USER\Application Data\Mozilla\Firefox\Profiles\u8m1t5vu.default\
FF - prefs.js: browser.startup.homepage - hxxp://mail4india.net4.in/cgi-bin/webmail/login.cgi
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
**************************************************************************
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????6?1?7?4??`???? ???B???????????????B? ??????
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\ESET\ESET Security\CurrentVersion\Info]
@Denied: (3) (LocalSystem)
"EditionName"="TemDono FiX 1.2 (31 days remaining forever up to 2050)"
"AppDataDir"="c:\\Documents and Settings\\All Users\\Application Data\\ESET\\ESET Smart Security\\"
"DataDir"="ESET\\ESET Smart Security\\"
"InstallDir"="c:\\Program Files\\ESET\\ESET Smart Security\\"
"LanguageId"=dword:00000409
"ProductBase"=dword:00000001
"ProductCode"="{58E05C78-4785-443D-8A1B-CBFF49C2A84E}"
"ProductName"="ESET Smart Security"
"ProductType"="ess"
"ProductVersion"="3.0.667.0"
"UniqueId"="00031E85492A4050"
"ScannerBuild"=dword:00000bcb
"ScannerVersionId"=dword:00000c78
"ScannerVersion"=""
"PackageTag"=dword:04ff9687
"FixId"=dword:00000002
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1332)
c:\windows\system32\igfxdev.dll
.
Completion time: 2009-07-16 21:44
ComboFix-quarantined-files.txt 2009-07-16 16:14
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
354 --- E O F --- 2009-07-15 05:21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.111 [GMT 5.5:30]
Running from: d:\music\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
C:\cfhbjd.exe
c:\documents and settings\Administrator\Cookies\Cookies.exe
c:\documents and settings\Administrator\Favorites\Favorites.exe
c:\documents and settings\Administrator\Local Settings\Application Data\Application Data.exe
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\Temporary Internet Files.exe
c:\documents and settings\Administrator\Start Menu\Programs\Startup\Startup.exe
c:\documents and settings\All Users\Application Data\Microsoft\Dr Watson\Dr Watson.exe
c:\documents and settings\All Users\Favorites\Favorites.exe
c:\documents and settings\All Users\Favorites\Yahoo!\Yahoo!.exe
c:\documents and settings\All Users\Start Menu\Programs\Startup\Startup.exe
c:\documents and settings\Default User\Cookies\Cookies.exe
c:\documents and settings\Default User\Favorites\Favorites.exe
c:\documents and settings\Default User\Local Settings\Application Data\Application Data.exe
c:\documents and settings\Default User\Local Settings\Temporary Internet Files\Temporary Internet Files.exe
c:\documents and settings\Default User\Start Menu\Programs\Startup\Startup.exe
c:\documents and settings\HP USER\autorun.inf
c:\documents and settings\HP USER\Cookies\Cookies.exe
c:\documents and settings\HP USER\Favorites\Favorites.exe
c:\documents and settings\HP USER\Favorites\Links\Links.exe
c:\documents and settings\HP USER\Favorites\Microsoft Web Sites\Microsoft Web Sites.exe
c:\documents and settings\HP USER\Favorites\Microsoft Websites\Microsoft Websites.exe
c:\documents and settings\HP USER\Favorites\Yahoo!\Communication\Communication.exe
c:\documents and settings\HP USER\Favorites\Yahoo!\Community\Community.exe
c:\documents and settings\HP USER\Favorites\Yahoo!\Entertainment\Entertainment.exe
c:\documents and settings\HP USER\Favorites\Yahoo!\Home & Living\Home & Living.exe
c:\documents and settings\HP USER\Favorites\Yahoo!\Information Management\Information Management.exe
c:\documents and settings\HP USER\Favorites\Yahoo!\News\News.exe
c:\documents and settings\HP USER\Favorites\Yahoo!\Personal Finance\Personal Finance.exe
c:\documents and settings\HP USER\Favorites\Yahoo!\Personal Publishing\Personal Publishing.exe
c:\documents and settings\HP USER\Favorites\Yahoo!\Shopping\Shopping.exe
c:\documents and settings\HP USER\Favorites\Yahoo!\Sports & Outdoors\Sports & Outdoors.exe
c:\documents and settings\HP USER\Favorites\Yahoo!\Tools for Business\Tools for Business.exe
c:\documents and settings\HP USER\Favorites\Yahoo!\Travel & Transportation\Travel & Transportation.exe
c:\documents and settings\HP USER\Favorites\Yahoo!\Yahoo!.exe
c:\documents and settings\HP USER\HP USER.exe
c:\documents and settings\HP USER\Local Settings\Application Data\Application Data.exe
c:\documents and settings\HP USER\Local Settings\Temporary Internet Files\Temporary Internet Files.exe
c:\documents and settings\HP USER\Start Menu\Programs\Startup\Startup.exe
c:\documents and settings\LocalService\Cookies\Cookies.exe
c:\documents and settings\LocalService\Local Settings\Application Data\Application Data.exe
c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\Temporary Internet Files.exe
c:\documents and settings\NetworkService\Cookies\Cookies.exe
c:\documents and settings\NetworkService\Local Settings\Application Data\Application Data.exe
c:\documents and settings\NetworkService\Local Settings\Temporary Internet Files\Temporary Internet Files.exe
C:\hhtiscb.exe
C:\kfidrvvl.exe
C:\new folder.exe
c:\program files\INSTALL.LOG
C:\rocdcur.exe
C:\rqsjxpn.exe
C:\uneaymfn.exe
C:\upupnr.exe
c:\windows\ssvichosst.exe
c:\windows\system32\autorun.ini
c:\windows\system32\setting.ini
c:\windows\system32\ssvichosst.exe
c:\windows\windows.exe
C:\xlxvkidl.exe
D:\autorun.inf
.
((((((((((((((((((((((((( Files Created from 2009-06-16 to 2009-07-16 )))))))))))))))))))))))))))))))
.
2009-07-16 15:38 . 2008-12-11 10:03 2043904 ----a-w- c:\documents and settings\New Folder.exe
2009-07-16 15:38 . 2008-12-11 10:03 2043904 ----a-w- c:\program files\Program Files.exe
2009-07-16 15:34 . 2008-12-11 10:03 2043904 ----a-w- c:\documents and settings\HP USER\Application Data\Yahoo!\SearchProtection\SearchProtection.exe
2009-07-16 14:41 . 2008-12-11 10:03 2043904 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qvkmrdr1.default\profile.exe
2009-07-16 14:41 . 2008-12-11 10:03 2043904 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qvkmrdr1.default\chrome\chrome.exe
2009-07-16 14:41 . 2009-07-16 14:44 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-07-16 14:32 . 2009-07-16 14:44 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-07-16 14:31 . 2008-12-11 10:03 2043904 ----a-w- c:\documents and settings\Administrator\Application Data\Application Data.exe
2009-07-16 14:31 . 2008-12-11 10:03 2043904 ----a-w- c:\documents and settings\Administrator\Application Data\Microsoft\Internet Explorer\Internet Explorer.exe
2009-07-16 14:31 . 2008-12-11 10:03 2043904 ----a-w- c:\documents and settings\Administrator\Application Data\Microsoft\Microsoft.exe
2009-07-16 14:31 . 2008-12-11 10:03 2043904 ----a-w- c:\documents and settings\Administrator\Application Data\Microsoft\Media Player\Media Player.exe
2009-07-16 14:31 . 2008-12-11 10:03 2043904 ----a-w- c:\documents and settings\Administrator\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates.exe
2009-07-16 14:31 . 2008-12-11 10:03 2043904 ----a-w- c:\documents and settings\Administrator\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs.exe
2009-07-16 14:31 . 2008-12-11 10:03 2043904 ----a-w- c:\documents and settings\Administrator\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs.exe
2009-07-16 14:31 . 2008-12-11 10:03 2043904 ----a-w- c:\documents and settings\Administrator\Application Data\Microsoft\SystemCertificates\SystemCertificates.exe
2009-07-16 14:31 . 2008-12-11 10:03 2043904 ----a-w- c:\documents and settings\Administrator\Application Data\Microsoft\SystemCertificates\My\My.exe
2009-07-16 14:31 . 2008-12-11 10:03 2043904 ----a-w- c:\documents and settings\Administrator\Default User.exe
2009-07-16 14:28 . 2009-07-16 14:44 -------- d-----w- c:\documents and settings\admin
2009-07-16 14:24 . 2008-12-11 10:03 2043904 --sha-r- c:\documents and settings\HP USER\SSVICHOSST.exe
2009-07-16 14:24 . 2008-12-11 10:03 2043904 ----a-w- c:\documents and settings\HP USER\New Folder.exe
2009-07-16 14:19 . 2008-12-11 10:03 2043904 ----a-w- c:\documents and settings\All Users\Application Data\ESET\ESET Smart Security\Updfiles\oldfiles\oldfiles.exe
2009-07-16 11:43 . 2008-12-11 10:03 2043904 --sha-r- c:\documents and settings\SSVICHOSST.exe
2009-07-16 11:21 . 2008-12-11 10:03 2043904 ----a-w- c:\documents and settings\All Users\Application Data\ESET\ESET.exe
2009-07-16 11:21 . 2008-12-11 10:03 2043904 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Updater5\Updater5.exe
2009-07-16 11:21 . 2008-12-11 10:03 2043904 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\ALM\ALM.exe
2009-07-16 11:21 . 2008-12-11 10:03 2043904 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Acrobat\7.0\Replicate\Security\Security.exe
2009-07-16 11:21 . 2008-12-11 10:03 2043904 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Acrobat\7.0\Replicate\Replicate.exe
2009-07-16 11:21 . 2008-12-11 10:03 2043904 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Acrobat\7.0\7.0.exe
2009-07-16 11:21 . 2008-12-11 10:03 2043904 ----a-w- c:\documents and settings\All Users\Application Data\Application Data.exe
2009-07-16 11:21 . 2008-12-11 10:03 2043904 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Adobe.exe
2009-07-16 11:21 . 2008-12-11 10:03 2043904 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Acrobat\Acrobat.exe
2009-07-16 11:21 . 2008-12-11 10:03 2043904 ----a-w- c:\documents and settings\All Users\All Users.exe
2009-07-16 10:22 . 2009-07-16 12:26 -------- d--h--w- c:\windows\system32\GroupPolicy
2009-07-16 09:23 . 2008-12-11 10:03 2043904 ----a-w- c:\program files\Common Files\Common Files.exe
2009-07-16 08:53 . 2008-12-11 10:03 2043904 ----a-w- c:\documents and settings\HP USER\Application Data\Yahoo! Messenger\vinod.sagitta\vinod.sagitta.exe
2009-07-16 08:52 . 2008-12-11 10:03 2043904 ----a-w- c:\documents and settings\HP USER\Application Data\Skype\vinodverma\vinodverma.exe
2009-07-16 08:51 . 2008-12-11 10:03 2043904 ----a-w- c:\documents and settings\HP USER\Application Data\Mozilla\Mozilla.exe
2009-07-16 08:50 . 2008-12-11 10:03 2043904 ----a-w- c:\documents and settings\HP USER\Application Data\Macromedia\Flash Player\#SharedObjects\MJMRBAFR\www.redtube.com\_playerx\flash\client_players\redtube\xmoov-flv-player3.swf\xmoov-flv-player3.swf.exe
2009-07-16 08:49 . 2008-12-11 10:03 2043904 ----a-w- c:\documents and settings\HP USER\Application Data\Identities\Identities.exe
2009-07-16 08:48 . 2008-12-11 10:03 2043904 ----a-w- c:\documents and settings\Default User\Application Data\Microsoft\SystemCertificates\SystemCertificates.exe
2009-07-16 08:47 . 2008-12-11 10:03 2043904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Media Player\Media Player.exe
2009-07-14 10:31 . 2009-07-15 09:43 -------- d-sh--w- c:\windows\system32\SysInfoServ
2009-07-14 10:31 . 2009-07-16 12:26 -------- d-sh--w- c:\windows\system32\Hexadecimal
2009-07-02 07:32 . 2009-07-16 09:00 -------- d-sh--w- c:\documents and settings\HP USER\PrivacIE
2009-07-02 07:30 . 2009-07-16 08:54 -------- d-sh--w- c:\documents and settings\HP USER\IETldCache
2009-07-02 07:27 . 2009-07-02 07:27 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-02 07:25 . 2009-07-02 07:25 152576 ----a-w- c:\documents and settings\HP USER\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-07-02 07:22 . 2009-06-02 10:12 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-07-02 07:22 . 2009-07-16 13:31 -------- d-----w- c:\windows\ie8updates
2009-07-02 07:20 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-07-02 07:20 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-07-02 07:18 . 2009-07-16 13:30 -------- dc-h--w- c:\windows\ie8
2009-06-23 06:35 . 1997-06-19 20:30 30208 ----a-w- c:\windows\REGET.EXE
2009-06-23 06:35 . 1997-03-18 19:30 260 ----a-w- c:\windows\INFRABAK.BAT
2009-06-23 06:34 . 1996-11-05 10:43 299008 ----a-w- c:\windows\uninst.exe
2009-06-18 03:59 . 2009-06-18 03:59 390664 ----a-w- c:\documents and settings\HP USER\Application Data\Real\RealPlayer\Update\realplayer11gold.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-16 15:24 . 2005-12-30 10:40 -------- d-----w- c:\program files\Yahoo!
2009-07-16 15:23 . 2005-12-24 02:01 -------- d-----w- c:\program files\WIDCOMM
2009-07-16 15:23 . 2006-04-04 15:52 -------- d-----w- c:\program files\The Times Testing Series
2009-07-16 15:23 . 2005-12-24 02:05 -------- d-----w- c:\program files\Synaptics
2009-07-16 15:23 . 2007-02-17 10:15 -------- d-----w- c:\program files\Symantec
2009-07-16 15:23 . 2007-12-04 05:35 -------- d-----w- c:\program files\SonicWallES
2009-07-16 15:23 . 2006-02-18 08:18 -------- d-----w- c:\program files\Sony Corporation
2009-07-16 15:22 . 2007-06-04 09:31 -------- d-----w- c:\program files\SmarThru 4
2009-07-16 15:22 . 2006-09-04 07:12 -------- d-----w- c:\program files\Skype
2009-07-16 15:22 . 2007-06-04 09:28 -------- d-----w- c:\program files\Samsung
2009-07-16 14:50 . 2008-06-29 05:47 -------- d-----w- c:\program files\ESET
2009-07-16 11:51 . 2006-06-21 06:18 -------- d-----w- c:\program files\Real
2009-07-16 11:48 . 2007-02-03 06:06 -------- d-----w- c:\program files\QuickTime
2009-07-16 11:48 . 2006-02-18 08:20 -------- d-----w- c:\program files\PIXELA
2009-07-16 11:48 . 2007-06-08 04:04 -------- d-----w- c:\program files\MSXML 4.0
2009-07-16 11:48 . 2005-12-23 23:15 -------- d-----w- c:\program files\MsnMusic
2009-07-16 11:47 . 2008-08-28 07:50 -------- d-----w- c:\program files\MSECache
2009-07-16 11:47 . 2009-01-15 15:09 -------- d-----w- c:\program files\MPlayer for Windows
2009-07-16 11:46 . 2005-12-23 22:52 -------- d-----w- c:\program files\Microsoft.NET
2009-07-16 11:46 . 2005-12-23 22:51 -------- d-----w- c:\program files\Microsoft Works
2009-07-16 11:44 . 2005-12-24 01:50 -------- d-----w- c:\program files\microsoft frontpage
2009-07-16 11:44 . 2005-12-23 22:52 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-07-16 11:44 . 2008-06-29 06:35 -------- d-----w- c:\program files\Marsu-Fix
2009-07-16 11:44 . 2008-04-27 06:28 -------- d-----w- c:\program files\Kaspersky Lab
2009-07-16 11:43 . 2005-12-24 02:14 -------- d-----w- c:\program files\Java
2009-07-16 11:42 . 2007-02-03 06:17 -------- d-----w- c:\program files\iPod
2009-07-16 11:41 . 2005-12-24 02:16 -------- d-----w- c:\program files\InterVideo
2009-07-16 11:41 . 2005-12-24 02:18 -------- d-----w- c:\program files\Intel
2009-07-16 11:41 . 2005-12-24 02:00 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-16 11:41 . 2005-12-24 02:02 -------- d-----w- c:\program files\HPQ
2009-07-16 11:41 . 2005-12-24 02:11 -------- d-----w- c:\program files\HP Accessories Product Tour
2009-07-16 11:41 . 2008-04-01 06:23 -------- d-----w- c:\program files\HP
2009-07-16 11:38 . 2007-11-23 04:30 -------- d-----w- c:\program files\Hewlett-Packard
2009-07-16 11:38 . 2008-06-29 10:17 -------- d-----w- c:\program files\GPLGS
2009-07-16 11:36 . 2005-12-30 11:37 -------- d-----w- c:\program files\Google
2009-07-16 11:36 . 2008-04-05 09:44 -------- d-----w- c:\program files\Free MP3 CD Ripper
2009-07-16 11:36 . 2008-02-09 05:08 -------- d-----w- c:\program files\eMusic Download Manager
2009-07-16 11:36 . 2009-03-21 14:09 -------- d-----w- c:\program files\Common Files\xing shared
2009-07-16 11:36 . 2005-12-23 20:14 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-16 11:35 . 2006-06-21 06:18 -------- d-----w- c:\program files\Common Files\Real
2009-07-16 11:35 . 2006-02-18 10:59 -------- d-----w- c:\program files\Common Files\muvee Technologies
2009-07-16 11:34 . 2005-12-23 22:52 -------- d-----w- c:\program files\Common Files\L&H
2009-07-16 11:34 . 2005-12-24 02:14 -------- d-----w- c:\program files\Common Files\Java
2009-07-16 11:31 . 2008-06-29 10:15 -------- d-----w- c:\program files\Acro Software
2009-07-16 11:21 . 2008-05-25 14:47 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-07-16 09:24 . 2005-12-24 01:59 -------- d-----w- c:\program files\Common Files\InstallShield
2009-07-16 09:23 . 2007-11-23 04:33 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-07-16 09:23 . 2008-04-05 08:06 -------- d-----w- c:\program files\Common Files\COWON
2009-07-16 09:23 . 2007-10-22 14:48 -------- d-----w- c:\program files\Common Files\Borland Shared
2009-07-16 09:23 . 2005-12-30 10:45 -------- d-----w- c:\program files\Common Files\Ahead
2009-07-16 09:23 . 2005-12-23 23:16 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-16 09:23 . 2005-12-24 02:01 -------- d-----w- c:\program files\Broadcom
2009-07-16 09:23 . 2008-04-06 06:08 -------- d-----w- c:\program files\BitComet
2009-07-16 09:23 . 2005-12-24 02:00 -------- d-----w- c:\program files\Analog Devices
2009-07-16 09:22 . 2005-12-30 10:45 -------- d-----w- c:\program files\Ahead
2009-07-16 09:01 . 2008-04-05 10:47 -------- d-----w- c:\program files\Admiresoft
2009-07-16 08:53 . 2005-12-30 10:42 -------- d-----w- c:\documents and settings\HP USER\Application Data\Yahoo! Messenger
2009-07-16 08:53 . 2006-07-04 11:52 -------- d-----w- c:\documents and settings\HP USER\Application Data\Yahoo!
2009-07-16 08:53 . 2006-08-06 08:30 -------- d-----w- c:\documents and settings\HP USER\Application Data\vlc
2009-07-16 08:53 . 2008-04-07 13:35 -------- d-----w- c:\documents and settings\HP USER\Application Data\uTorrent
2009-07-16 08:53 . 2008-08-02 14:18 -------- d-----w- c:\documents and settings\HP USER\Application Data\U3
2009-07-16 08:53 . 2008-12-15 07:04 -------- d-----w- c:\documents and settings\HP USER\Application Data\Talkback
2009-07-16 08:53 . 2005-12-23 20:14 -------- d-----w- c:\documents and settings\HP USER\Application Data\Symantec
2009-07-16 08:53 . 2005-12-24 02:13 -------- d-----w- c:\documents and settings\HP USER\Application Data\Sonic
2009-07-16 08:53 . 2007-06-04 09:33 -------- d-----w- c:\documents and settings\HP USER\Application Data\SmarThru4
2009-07-16 08:52 . 2006-09-04 07:12 -------- d-----w- c:\documents and settings\HP USER\Application Data\Skype
2009-07-16 08:50 . 2005-12-24 12:32 -------- d-----w- c:\documents and settings\HP USER\Application Data\Leadertech
2009-07-16 08:50 . 2005-12-30 11:38 -------- d-----w- c:\documents and settings\HP USER\Application Data\InterVideo
2009-07-16 08:49 . 2007-11-23 04:37 -------- d-----w- c:\documents and settings\HP USER\Application Data\Hewlett-Packard
2009-07-16 08:49 . 2008-05-25 14:48 -------- d-----w- c:\documents and settings\HP USER\Application Data\ESET
2009-07-16 08:49 . 2008-04-05 08:55 -------- d-----w- c:\documents and settings\HP USER\Application Data\COWON
2009-07-16 08:49 . 2007-02-03 06:17 -------- d-----w- c:\documents and settings\HP USER\Application Data\Apple Computer
2009-07-16 08:49 . 2006-04-09 14:38 -------- d-----w- c:\documents and settings\HP USER\Application Data\AdobeUM
2009-07-16 08:49 . 2006-02-19 08:54 -------- d-----w- c:\documents and settings\HP USER\Application Data\Ahead
2009-07-16 08:48 . 2006-07-04 11:51 -------- d-----w- c:\documents and settings\All Users\Application Data\yahoo!
2009-07-16 08:48 . 2005-12-23 20:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-07-16 08:47 . 2007-12-04 04:21 -------- d-----w- c:\documents and settings\All Users\Application Data\MailFrontier
2009-07-16 08:47 . 2008-04-27 06:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-07-16 08:47 . 2005-12-24 02:20 -------- d-----w- c:\documents and settings\All Users\Application Data\hpqwmi
2009-07-16 08:47 . 2009-04-01 05:15 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-07-16 08:47 . 2007-02-03 06:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-07-16 08:47 . 2005-12-30 10:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Ahead
2009-06-16 14:36 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-03 19:09 . 2004-08-04 12:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-16 07:46 . 2006-07-25 07:18 2071 ----a-w- c:\windows\panose.bin
2009-05-14 08:15 . 2005-12-23 22:09 88312 ----a-w- c:\documents and settings\HP USER\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-13 05:15 . 2004-08-04 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:32 . 2004-08-04 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
1999-06-25 05:25 . 2007-09-04 08:47 149504 ----a-w- c:\program files\UNWISE.EXE
2009-04-05 03:02 . 2009-03-22 04:25 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-10-24 307200]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-25 39408]
"Microsoft Groove"="c:\windows\system32\SysInfoServ\Groove.exe" [2009-04-11 91648]
"System Information Services"="c:\windows\system32\SysInfoServ\SysInfoServ.exe" [2009-04-11 64000]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-25 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-25 77824]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 688218]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-09-07 213054]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-11-01 290816]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-02 148888]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2004-11-12 790528]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2004-10-26 184320]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-25 114688]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-03 282624]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-10-30 256576]
"WHITNEY_S2P"="c:\program files\Samsung\Samsung SCX-4x21 Series\PSU\Scan2pc.exe" [2006-03-27 229376]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-06-10 1447168]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-21 198160]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2005-04-13 88209]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2005-12-24 184320]
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2002-12-2 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2002-12-2 40960]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\English\\setup.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17760:TCP"= 17760:TCP:BitComet 17760 TCP
"17760:UDP"= 17760:UDP:BitComet 17760 UDP
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [6/10/2008 6:53 PM 468224]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [5/3/2004 7:56 PM 80384]
S2 .EsetTrialReset;Eset Trial Reset;c:\windows\system32\regedt32.exe [8/4/2004 5:30 PM 3584]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [8/4/2004 5:30 PM 3584]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-eSnips - c:\program files\eSnips\ClientGW.exe
HKLM-Run-ClientGW - (no file)
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://rnd009.googlepages.com/google.html
mStart Page = hxxp://rnd009.googlepages.com/google.html
uInternet Settings,ProxyServer = 10.101.22.49:3128
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
TCP: {0842A06C-1553-4BFF-BD59-1D3579740C48} = 202.56.215.6,202.56.215.55
FF - ProfilePath - c:\documents and settings\HP USER\Application Data\Mozilla\Firefox\Profiles\u8m1t5vu.default\
FF - prefs.js: browser.startup.homepage - hxxp://mail4india.net4.in/cgi-bin/webmail/login.cgi
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
**************************************************************************
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????6?1?7?4??`???? ???B???????????????B? ??????
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\ESET\ESET Security\CurrentVersion\Info]
@Denied: (3) (LocalSystem)
"EditionName"="TemDono FiX 1.2 (31 days remaining forever up to 2050)"
"AppDataDir"="c:\\Documents and Settings\\All Users\\Application Data\\ESET\\ESET Smart Security\\"
"DataDir"="ESET\\ESET Smart Security\\"
"InstallDir"="c:\\Program Files\\ESET\\ESET Smart Security\\"
"LanguageId"=dword:00000409
"ProductBase"=dword:00000001
"ProductCode"="{58E05C78-4785-443D-8A1B-CBFF49C2A84E}"
"ProductName"="ESET Smart Security"
"ProductType"="ess"
"ProductVersion"="3.0.667.0"
"UniqueId"="00031E85492A4050"
"ScannerBuild"=dword:00000bcb
"ScannerVersionId"=dword:00000c78
"ScannerVersion"=""
"PackageTag"=dword:04ff9687
"FixId"=dword:00000002
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1332)
c:\windows\system32\igfxdev.dll
.
Completion time: 2009-07-16 21:44
ComboFix-quarantined-files.txt 2009-07-16 16:14
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
354 --- E O F --- 2009-07-15 05:21
