
Recently infected - Combofix ran - am i clear?



#1 Joffa_d

  • Members
  • 9 posts

Posted 07 May 2009 - 04:06 AM

Hi, I've recently become infected with some malware, some web hijacks, and fake antivirus scans. I've run Combofix, which located and removed a number of problems. Could someone please take a look at the log and advise me if I need to take further action? Your help as ever is always appreciated. Regards, Jof Davies

ComboFix 09-05-06.05 - Jof Davies 07/05/2009 9:28.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1023.306 [GMT 1:00]
Running from: c:\documents and settings\Jof Davies\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *enabled*
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-3-3-77-100006656-100032171-100003730-9722.com
c:\windows\system32\drivers\gxvxcddneonsoptfsbjffatvxowtqgnqooaed.sys
c:\windows\system32\gxvxccounter
c:\windows\system32\gxvxcdxwqjenxhldtfhcdcelyoswgnlolnpop.dll
c:\windows\system32\khfGvstQ.dll
c:\windows\system32\pcburtks.dll
c:\windows\system32\sktrubcp.ini
c:\windows\system32\tuvvSMGw.dll
c:\windows\system32\wGMSvvut.ini
c:\windows\system32\wGMSvvut.ini2
d:\recycler\S-3-3-77-100006656-100032171-100003730-9722.com

.
((((((((((((((((((((((((( Files Created from 2009-04-07 to 2009-05-07 )))))))))))))))))))))))))))))))
.

2009-05-07 07:11 . 2009-05-07 07:11 -------- d-----w c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-05-07 07:10 . 2009-05-07 07:10 -------- d-----w c:\documents and settings\Jof Davies\Local Settings\Application Data\Downloaded Installations
2009-05-05 06:09 . 2009-05-05 06:09 -------- d-----w C:\ATI
2009-05-03 10:40 . 2009-05-03 10:40 -------- d-sh--w c:\windows\system32\config\systemprofile\IETldCache
2009-05-03 10:38 . 2009-05-03 10:38 -------- d-sh--w c:\documents and settings\LocalService\IETldCache
2009-05-03 10:36 . 2009-05-03 10:36 -------- d-sh--w c:\documents and settings\Jof Davies\IECompatCache
2009-05-03 10:35 . 2009-05-03 10:35 -------- d-sh--w c:\documents and settings\Jof Davies\PrivacIE
2009-05-03 10:31 . 2009-05-03 10:31 -------- d-sh--w c:\documents and settings\Jof Davies\IETldCache
2009-05-03 10:29 . 2009-05-03 10:29 -------- d-----w c:\windows\ie8updates
2009-05-03 10:29 . 2009-02-28 04:55 105984 -c----w c:\windows\system32\dllcache\iecompat.dll
2009-05-03 10:27 . 2009-05-03 10:29 -------- dc-h--w c:\windows\ie8
2009-05-03 09:43 . 2009-05-03 09:43 -------- d-----w c:\program files\CCleaner
2009-05-02 10:26 . 2009-05-02 10:26 -------- d-----w c:\documents and settings\Jof Davies\Application Data\Nero
2009-05-02 09:43 . 2009-05-02 09:43 -------- d-----w c:\program files\Windows Sidebar
2009-05-02 09:20 . 2009-05-02 09:46 -------- d-----w c:\program files\Nero
2009-05-02 09:19 . 2009-05-02 09:32 -------- d-----w c:\documents and settings\All Users\Application Data\Nero
2009-05-02 09:19 . 2009-05-02 10:07 -------- d-----w c:\program files\Common Files\Nero
2009-04-30 20:08 . 2009-03-25 10:06 40552 ----a-w c:\windows\system32\drivers\mfesmfk.sys
2009-04-30 20:08 . 2009-03-25 10:06 35272 ----a-w c:\windows\system32\drivers\mfebopk.sys
2009-04-30 20:08 . 2009-03-25 10:06 79880 ----a-w c:\windows\system32\drivers\mfeavfk.sys
2009-04-30 20:08 . 2008-10-23 12:08 120136 ----a-w c:\windows\system32\drivers\Mpfp.sys
2009-04-30 20:07 . 2009-04-30 20:08 -------- d-----w c:\program files\Common Files\McAfee
2009-04-30 20:07 . 2009-04-30 20:07 -------- d-----w c:\program files\McAfee.com
2009-04-30 20:07 . 2009-05-02 13:42 -------- d-----w c:\program files\McAfee
2009-04-30 20:00 . 2009-03-25 10:05 34216 ----a-w c:\windows\system32\drivers\mferkdk.sys
2009-04-17 04:54 . 2008-05-03 11:55 2560 ----a-w c:\windows\system32\xpsp4res.dll
2009-04-17 04:54 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-17 04:54 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-17 04:54 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-17 04:54 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-04-17 04:54 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-17 04:54 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-17 04:54 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-17 04:54 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-17 04:54 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-17 04:54 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-07 18:40 . 2009-04-07 18:40 -------- d-----w c:\documents and settings\All Users\Application Data\vsosdk
2009-04-07 17:01 . 2009-04-07 17:01 47360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2009-04-07 17:01 . 2009-04-07 17:01 47360 ----a-w c:\documents and settings\Jof Davies\Application Data\pcouffin.sys
2009-04-07 17:01 . 2009-04-07 17:15 -------- d-----w c:\documents and settings\Jof Davies\Application Data\Vso
2009-04-07 17:01 . 2002-12-10 02:20 102439 ----a-w c:\windows\system32\sipr3260.dll
2009-04-07 17:01 . 2006-09-29 12:24 217127 ----a-w c:\windows\system32\drv43260.dll
2009-04-07 17:01 . 2006-09-29 12:25 208935 ----a-w c:\windows\system32\drv33260.dll
2009-04-07 17:01 . 2006-09-29 12:26 176165 ----a-w c:\windows\system32\drv23260.dll
2009-04-07 17:01 . 2007-03-18 20:37 65602 ----a-w c:\windows\system32\cook3260.dll
2009-04-07 17:01 . 2006-05-11 19:21 626688 ----a-w c:\windows\system32\vp7vfw.dll
2009-04-07 17:01 . 2006-05-20 16:16 1184984 ----a-w c:\windows\system32\wvc1dmod.dll
2009-04-07 17:01 . 2009-04-07 17:01 -------- d-----w c:\program files\VSO

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-07 08:30 . 2009-02-08 21:31 -------- d-----w c:\program files\MioNet
2009-05-07 07:12 . 2009-02-09 10:29 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-05 06:10 . 2009-02-09 10:30 -------- d-----w c:\program files\ATI Technologies
2009-05-03 17:57 . 2009-04-03 17:01 1324 ----a-w c:\windows\system32\d3d9caps.dat
2009-04-20 07:07 . 2009-03-25 08:38 1100 ----a-w c:\windows\system32\d3d8caps.dat
2009-03-31 06:30 . 2009-03-29 15:58 -------- d-----w c:\program files\NOS
2009-03-29 16:04 . 2009-03-29 16:04 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-03-29 16:03 . 2009-02-20 18:47 -------- d-----w c:\program files\Common Files\Adobe
2009-03-25 10:06 . 2009-03-25 10:06 214024 ----a-w c:\windows\system32\drivers\mfehidk.sys
2009-03-22 11:23 . 2009-03-22 11:23 0 ----a-w c:\windows\nsreg.dat
2009-03-12 08:11 . 2009-03-12 08:13 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-12 08:11 . 2009-02-11 18:22 -------- d-----w c:\program files\Java
2009-03-09 03:01 . 2009-03-09 03:01 -------- d-----w c:\program files\MSXML 4.0
2009-03-08 19:10 . 2009-03-08 19:10 -------- d-----w c:\program files\K-Lite Codec Pack
2009-03-08 03:34 . 2004-08-04 12:00 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 03:34 . 2004-08-04 12:00 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 03:33 . 2004-08-04 12:00 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 03:33 . 2004-08-04 12:00 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 03:32 . 2004-08-04 12:00 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 03:32 . 2004-08-04 12:00 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 03:31 . 2004-08-04 12:00 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 03:31 . 2004-08-04 12:00 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 03:31 . 2004-08-04 12:00 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 03:22 . 2004-08-04 12:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:22 . 2004-08-04 12:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-02-20 19:31 . 2009-02-08 14:18 19536 ----a-w c:\documents and settings\Jof Davies\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-02-09 18:56 . 2009-03-08 19:10 67584 ----a-w c:\windows\system32\ff_vfw.dll
2009-02-09 12:10 . 2004-08-04 12:00 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2004-08-04 12:00 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2004-08-04 12:00 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 12:10 . 2004-08-04 12:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 11:13 . 2004-08-04 12:00 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-09 10:22 . 2004-08-04 12:00 67 --sha-w c:\windows\Fonts\desktop.ini
2009-02-09 10:19 . 2009-02-09 10:19 21640 ----a-w c:\windows\system32\emptyregdb.dat
2009-02-08 11:35 . 2009-02-09 10:21 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-02-07 18:02 . 2004-08-03 22:59 2066048 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-06 18:52 . 2009-02-06 18:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-06 11:11 . 2004-08-04 12:00 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:08 . 2004-08-04 12:00 2189056 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2004-08-04 12:00 35328 ----a-w c:\windows\system32\sc.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-05-03_10.11.44 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-09 10:34 . 2009-01-07 17:21 26144 c:\windows\system32\spupdsvc.exe
+ 2009-02-08 14:06 . 2009-01-07 17:20 16928 c:\windows\system32\spmsg.dll
+ 2004-08-04 12:00 . 2009-03-08 03:31 46592 c:\windows\system32\pngfilt.dll
+ 2006-06-29 08:05 . 2009-01-07 17:20 23552 c:\windows\system32\normaliz.dll
- 2006-06-29 08:05 . 2006-06-29 08:05 23552 c:\windows\system32\normaliz.dll
- 2006-06-28 17:59 . 2006-06-28 17:59 24576 c:\windows\system32\nlsdl.dll
+ 2006-06-28 17:59 . 2009-01-07 17:20 24576 c:\windows\system32\nlsdl.dll
+ 2004-08-04 12:00 . 2009-03-08 03:31 66560 c:\windows\system32\mshtmled.dll
+ 2007-08-13 18:36 . 2009-03-08 03:31 13312 c:\windows\system32\msfeedssync.exe
+ 2007-08-13 18:54 . 2009-03-08 03:31 55296 c:\windows\system32\msfeedsbs.dll
+ 2004-08-04 12:00 . 2009-03-08 03:33 25600 c:\windows\system32\jsproxy.dll
+ 2004-08-04 12:00 . 2009-03-08 03:32 94720 c:\windows\system32\inseng.dll
+ 2007-08-13 18:39 . 2009-03-08 03:32 36864 c:\windows\system32\ieudinit.exe
+ 2004-08-04 12:00 . 2009-03-08 03:32 55808 c:\windows\system32\iernonce.dll
- 2006-06-29 08:05 . 2006-06-29 08:05 26112 c:\windows\system32\idndl.dll
+ 2006-06-29 08:05 . 2009-01-07 17:20 26112 c:\windows\system32\idndl.dll
+ 2007-08-13 18:36 . 2009-03-08 03:31 59904 c:\windows\system32\icardie.dll
+ 2004-08-04 12:00 . 2009-03-08 03:31 46592 c:\windows\system32\dllcache\pngfilt.dll
- 2004-08-04 12:00 . 2007-08-13 18:01 48128 c:\windows\system32\dllcache\mshtmler.dll
+ 2004-08-04 12:00 . 2009-03-08 03:31 48128 c:\windows\system32\dllcache\mshtmler.dll
+ 2004-08-04 12:00 . 2009-03-08 03:31 66560 c:\windows\system32\dllcache\mshtmled.dll
+ 2004-08-04 12:00 . 2009-03-08 03:31 45568 c:\windows\system32\dllcache\mshta.exe
- 2004-08-04 12:00 . 2007-08-13 18:32 45568 c:\windows\system32\dllcache\mshta.exe
+ 2009-02-08 10:53 . 2009-03-08 03:31 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2004-08-04 12:00 . 2009-03-08 03:34 43008 c:\windows\system32\dllcache\licmgr10.dll
+ 2004-08-04 12:00 . 2009-03-08 03:33 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2004-08-04 12:00 . 2009-03-08 03:32 94720 c:\windows\system32\dllcache\inseng.dll
+ 2004-08-04 12:00 . 2009-03-08 03:31 34816 c:\windows\system32\dllcache\imgutil.dll
+ 2004-08-04 12:00 . 2009-03-08 03:32 71680 c:\windows\system32\dllcache\iesetup.dll
+ 2004-08-04 12:00 . 2009-03-08 03:32 55808 c:\windows\system32\dllcache\iernonce.dll
+ 2009-02-08 10:53 . 2009-03-08 03:31 59904 c:\windows\system32\dllcache\icardie.dll
+ 2009-02-09 10:19 . 2009-03-08 03:24 68608 c:\windows\system32\dllcache\hmmapi.dll
+ 2009-03-08 03:33 . 2009-03-08 03:33 18944 c:\windows\system32\dllcache\corpol.dll
+ 2004-08-04 12:00 . 2009-03-08 03:32 72704 c:\windows\system32\dllcache\admparse.dll
- 2009-02-09 10:26 . 2009-05-03 09:52 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-02-09 10:26 . 2009-05-07 08:01 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-02-09 10:26 . 2009-05-03 09:52 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-02-09 10:26 . 2009-05-07 08:01 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-05-03 10:28 . 2009-03-08 13:23 58464 c:\windows\ie8\spuninst\iecustom.dll
+ 2009-05-03 10:27 . 2009-02-20 18:09 44544 c:\windows\ie8\pngfilt.dll
+ 2009-05-03 10:27 . 2007-08-13 18:01 48128 c:\windows\ie8\mshtmler.dll
+ 2009-05-03 10:27 . 2007-08-13 18:32 45568 c:\windows\ie8\mshta.exe
+ 2009-05-03 10:27 . 2007-08-13 18:36 12288 c:\windows\ie8\msfeedssync.exe
+ 2009-05-03 10:27 . 2009-02-20 18:09 52224 c:\windows\ie8\msfeedsbs.dll
+ 2009-05-03 10:27 . 2007-08-13 18:44 40960 c:\windows\ie8\licmgr10.dll
+ 2009-05-03 10:27 . 2009-02-20 18:09 27648 c:\windows\ie8\jsproxy.dll
+ 2009-05-03 10:27 . 2007-08-13 18:39 92672 c:\windows\ie8\inseng.dll
+ 2009-05-03 10:27 . 2007-08-13 18:36 36352 c:\windows\ie8\imgutil.dll
+ 2009-05-03 10:27 . 2007-08-13 18:39 55296 c:\windows\ie8\iesetup.dll
+ 2009-05-03 10:27 . 2009-02-20 18:09 44544 c:\windows\ie8\iernonce.dll
+ 2009-05-03 10:27 . 2009-02-20 18:09 78336 c:\windows\ie8\ieencode.dll
+ 2009-05-03 10:27 . 2009-02-20 10:20 70656 c:\windows\ie8\ie4uinit.exe
+ 2009-05-03 10:27 . 2009-02-20 18:09 63488 c:\windows\ie8\icardie.dll
+ 2009-05-03 10:27 . 2007-08-13 18:18 60416 c:\windows\ie8\hmmapi.dll
+ 2009-05-03 10:27 . 2008-04-14 00:11 35328 c:\windows\ie8\corpol.dll
+ 2009-05-03 10:27 . 2007-08-13 18:39 71680 c:\windows\ie8\admparse.dll
+ 2009-05-07 07:12 . 2009-05-07 07:12 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\ec83ec80653eb20ccc6ed42075c90aee\Microsoft.VisualC.ni.dll
+ 2009-05-07 07:12 . 2009-05-07 07:12 46080 c:\windows\assembly\NativeImages_v2.0.50727_32\DriversHQ.DriverDet#\738c345666c0dbd20532315daa8e1d22\DriversHQ.DriverDetective.Client.DirectX.ni.dll
+ 2009-05-07 07:12 . 2009-05-07 07:12 57856 c:\windows\assembly\NativeImages_v2.0.50727_32\DriversHQ.DriverDet#\0c3687c431b090b643b9cc774a070311\DriversHQ.DriverDetective.ExceptionLogging.ni.dll
+ 2009-05-03 10:29 . 2009-03-08 03:35 2048 c:\windows\ie8updates\KB968220-IE8\iecompat.dll
- 2009-02-08 10:51 . 2008-04-14 00:12 121856 c:\windows\system32\xmllite.dll
+ 2009-02-08 10:51 . 2009-01-07 17:21 121856 c:\windows\system32\xmllite.dll
+ 2007-08-13 18:45 . 2009-03-08 03:34 208384 c:\windows\system32\WinFXDocObj.exe
+ 2004-08-04 12:00 . 2009-03-08 03:34 236544 c:\windows\system32\webcheck.dll
+ 2004-08-04 12:00 . 2009-03-08 03:34 105984 c:\windows\system32\url.dll
- 2004-08-04 12:00 . 2009-02-20 18:09 105984 c:\windows\system32\url.dll
+ 2004-08-04 12:00 . 2009-03-08 03:34 109568 c:\windows\system32\occache.dll
+ 2004-08-04 12:00 . 2009-03-08 03:32 611840 c:\windows\system32\mstime.dll
+ 2004-08-04 12:00 . 2009-03-08 03:34 193536 c:\windows\system32\msrating.dll
+ 2007-08-13 18:54 . 2009-03-08 03:32 594432 c:\windows\system32\msfeeds.dll
+ 2009-01-07 17:20 . 2009-01-07 17:20 265720 c:\windows\system32\msdbg2.dll
+ 2004-08-04 12:00 . 2009-03-08 03:33 726528 c:\windows\system32\jscript.dll
+ 2007-08-13 18:54 . 2009-03-08 03:22 164352 c:\windows\system32\ieui.dll
+ 2004-08-04 12:00 . 2009-03-08 03:31 183808 c:\windows\system32\iepeers.dll
+ 2004-08-04 12:00 . 2009-03-08 13:09 391536 c:\windows\system32\iedkcs32.dll
+ 2007-07-11 12:27 . 2009-03-08 03:11 445952 c:\windows\system32\ieapfltr.dll
+ 2004-08-04 12:00 . 2009-03-08 03:32 163840 c:\windows\system32\ieakui.dll
+ 2004-08-04 12:00 . 2009-03-08 03:33 229376 c:\windows\system32\ieaksie.dll
+ 2004-08-04 12:00 . 2009-03-08 03:33 125952 c:\windows\system32\ieakeng.dll
+ 2004-08-04 12:00 . 2009-03-08 03:32 173056 c:\windows\system32\ie4uinit.exe
+ 2004-08-04 12:00 . 2009-03-08 03:31 216064 c:\windows\system32\dxtrans.dll
+ 2004-08-04 12:00 . 2009-03-08 03:31 348160 c:\windows\system32\dxtmsft.dll
+ 2004-08-04 12:00 . 2009-03-08 03:34 914944 c:\windows\system32\dllcache\wininet.dll
+ 2004-08-04 12:00 . 2009-03-08 03:34 236544 c:\windows\system32\dllcache\webcheck.dll
+ 2009-02-09 10:20 . 2009-03-08 03:33 759296 c:\windows\system32\dllcache\VGX.dll
+ 2008-05-09 10:53 . 2009-03-08 03:33 420352 c:\windows\system32\dllcache\vbscript.dll
- 2004-08-04 12:00 . 2009-02-20 18:09 105984 c:\windows\system32\dllcache\url.dll
+ 2004-08-04 12:00 . 2009-03-08 03:34 105984 c:\windows\system32\dllcache\url.dll
+ 2009-01-07 17:20 . 2009-01-07 17:20 134144 c:\windows\system32\dllcache\sqmapi.dll
+ 2009-01-07 17:20 . 2009-01-07 17:20 474112 c:\windows\system32\dllcache\shlwapi.dll
+ 2004-08-04 12:00 . 2009-03-08 03:34 109568 c:\windows\system32\dllcache\occache.dll
+ 2004-08-04 12:00 . 2009-03-08 03:32 611840 c:\windows\system32\dllcache\mstime.dll
+ 2004-08-04 12:00 . 2009-03-08 03:34 193536 c:\windows\system32\dllcache\msrating.dll
+ 2004-08-04 12:00 . 2009-03-08 03:22 156160 c:\windows\system32\dllcache\msls31.dll
- 2004-08-04 12:00 . 2007-08-13 18:54 156160 c:\windows\system32\dllcache\msls31.dll
+ 2009-02-08 10:53 . 2009-03-08 03:32 594432 c:\windows\system32\dllcache\msfeeds.dll
+ 2008-05-09 10:53 . 2009-03-08 03:33 726528 c:\windows\system32\dllcache\jscript.dll
+ 2009-02-09 10:19 . 2009-03-08 13:09 638816 c:\windows\system32\dllcache\iexplore.exe
+ 2004-08-04 12:00 . 2009-03-08 03:31 183808 c:\windows\system32\dllcache\iepeers.dll
+ 2004-08-04 12:00 . 2009-03-08 13:09 391536 c:\windows\system32\dllcache\iedkcs32.dll
+ 2009-02-08 10:53 . 2009-03-08 03:11 445952 c:\windows\system32\dllcache\ieapfltr.dll
+ 2004-08-04 12:00 . 2009-03-08 03:32 163840 c:\windows\system32\dllcache\ieakui.dll
+ 2004-08-04 12:00 . 2009-03-08 03:33 229376 c:\windows\system32\dllcache\ieaksie.dll
+ 2004-08-04 12:00 . 2009-03-08 03:33 125952 c:\windows\system32\dllcache\ieakeng.dll
+ 2004-08-04 12:00 . 2009-03-08 03:32 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2004-08-04 12:00 . 2009-03-08 03:31 216064 c:\windows\system32\dllcache\dxtrans.dll
+ 2004-08-04 12:00 . 2009-03-08 03:31 348160 c:\windows\system32\dllcache\dxtmsft.dll
+ 2004-08-04 12:00 . 2009-03-08 03:32 128512 c:\windows\system32\dllcache\advpack.dll
+ 2009-05-03 10:40 . 2009-05-03 10:40 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2004-08-04 12:00 . 2009-03-08 03:32 128512 c:\windows\system32\advpack.dll
+ 2009-05-03 10:29 . 2007-11-30 12:39 382840 c:\windows\ie8updates\KB968220-IE8\spuninst\updspapi.dll
+ 2009-05-03 10:29 . 2007-11-30 12:39 231288 c:\windows\ie8updates\KB968220-IE8\spuninst\spuninst.exe
+ 2009-05-03 10:27 . 2009-03-03 00:18 826368 c:\windows\ie8\wininet.dll
+ 2009-05-03 10:27 . 2007-08-13 18:45 206336 c:\windows\ie8\winfxdocobj.exe
+ 2009-05-03 10:27 . 2009-02-20 18:09 233472 c:\windows\ie8\webcheck.dll
+ 2009-05-03 10:27 . 2008-05-27 17:23 765952 c:\windows\ie8\vgx.dll
+ 2009-05-03 10:27 . 2008-05-09 10:53 430080 c:\windows\ie8\vbscript.dll
+ 2009-05-03 10:27 . 2009-02-20 18:09 105984 c:\windows\ie8\url.dll
+ 2009-05-03 10:28 . 2009-01-07 17:21 382496 c:\windows\ie8\spuninst\updspapi.dll
+ 2009-05-03 10:28 . 2009-01-07 17:20 231456 c:\windows\ie8\spuninst\spuninst.exe
+ 2009-05-03 10:27 . 2006-09-06 17:43 213216 c:\windows\ie8\spuninst.exe
+ 2009-05-03 10:27 . 2009-02-20 18:09 102912 c:\windows\ie8\occache.dll
+ 2009-05-03 10:27 . 2009-02-20 18:09 671232 c:\windows\ie8\mstime.dll
+ 2009-05-03 10:27 . 2009-02-20 18:09 193024 c:\windows\ie8\msrating.dll
+ 2009-05-03 10:27 . 2007-08-13 18:54 156160 c:\windows\ie8\msls31.dll
+ 2009-05-03 10:27 . 2009-02-20 18:09 477696 c:\windows\ie8\mshtmled.dll
+ 2009-05-03 10:27 . 2009-02-20 18:09 459264 c:\windows\ie8\msfeeds.dll
+ 2009-05-03 10:27 . 2008-05-09 10:53 512000 c:\windows\ie8\jscript.dll
+ 2009-05-03 10:27 . 2009-02-28 04:54 636072 c:\windows\ie8\iexplore.exe
+ 2009-05-03 10:27 . 2007-08-13 18:54 180736 c:\windows\ie8\ieui.dll
+ 2009-05-03 10:27 . 2009-02-20 18:09 268288 c:\windows\ie8\iertutil.dll
+ 2009-05-03 10:27 . 2007-08-13 18:54 287744 c:\windows\ie8\ieproxy.dll
+ 2009-05-03 10:27 . 2007-08-13 18:54 191488 c:\windows\ie8\iepeers.dll
+ 2009-05-03 10:27 . 2009-02-20 18:09 385024 c:\windows\ie8\iedkcs32.dll
+ 2009-05-03 10:27 . 2009-02-20 18:09 383488 c:\windows\ie8\ieapfltr.dll
+ 2009-05-03 10:27 . 2009-02-20 05:14 161792 c:\windows\ie8\ieakui.dll
+ 2009-05-03 10:27 . 2009-02-20 18:09 230400 c:\windows\ie8\ieaksie.dll
+ 2009-05-03 10:27 . 2009-02-20 18:09 153088 c:\windows\ie8\ieakeng.dll
+ 2009-05-03 10:27 . 2009-02-20 18:09 214528 c:\windows\ie8\dxtrans.dll
+ 2009-05-03 10:27 . 2009-02-20 18:09 347136 c:\windows\ie8\dxtmsft.dll
+ 2009-05-03 10:27 . 2009-02-20 18:09 124928 c:\windows\ie8\advpack.dll
+ 2009-05-07 07:12 . 2009-05-07 07:12 119296 c:\windows\assembly\NativeImages_v2.0.50727_32\XPBurnComponent\99e485e0c3eb0435c1282ad4ef40b385\XPBurnComponent.ni.dll
+ 2009-05-07 07:12 . 2009-05-07 07:12 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\2abd876a3c8a6b088fa6d8d39d901e3c\System.Runtime.Remoting.ni.dll
+ 2009-05-07 07:12 . 2009-05-07 07:12 304128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Practices#\a31e53f07e077bdcad3ddcf5b78c9531\Microsoft.Practices.ObjectBuilder.ni.dll
+ 2009-05-07 07:12 . 2009-05-07 07:12 148480 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Practices#\a0da2486dbe2187fae8d0de1628f6e23\Microsoft.Practices.EnterpriseLibrary.Security.Cryptography.ni.dll
+ 2009-05-07 07:12 . 2009-05-07 07:12 309248 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Practices#\833f7d166a4617c568676dcc5d710a74\Microsoft.Practices.EnterpriseLibrary.Common.ni.dll
+ 2009-05-07 07:12 . 2009-05-07 07:12 227328 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Applicati#\fc097e3905d706a9272c75f73e9c571e\Microsoft.ApplicationBlocks.Updater.ni.dll
+ 2009-05-07 07:12 . 2009-05-07 07:12 268800 c:\windows\assembly\NativeImages_v2.0.50727_32\DriversHQ.DriverDet#\8c9a2a30b4e78ed0002eb41dca119157\DriversHQ.DriverDetective.Client.Communication.ni.dll
+ 2009-05-07 07:12 . 2009-05-07 07:12 233472 c:\windows\assembly\NativeImages_v2.0.50727_32\DriversHQ.DriverDet#\34031dcbf400dee07dc3907790925717\DriversHQ.DriverDetective.Common.ni.dll
+ 2004-08-04 12:00 . 2009-03-08 03:34 1206784 c:\windows\system32\urlmon.dll
+ 2004-08-04 12:00 . 2009-03-08 03:41 5937152 c:\windows\system32\mshtml.dll
+ 2007-08-13 18:34 . 2009-03-08 03:32 1985024 c:\windows\system32\iertutil.dll
+ 2007-02-12 16:10 . 2009-02-06 20:07 3698584 c:\windows\system32\ieapfltr.dat
+ 2004-08-04 12:00 . 2009-03-08 03:34 1206784 c:\windows\system32\dllcache\urlmon.dll
+ 2009-01-07 17:20 . 2009-01-07 17:20 1497088 c:\windows\system32\dllcache\shdocvw.dll
+ 2004-08-04 12:00 . 2009-03-08 03:41 5937152 c:\windows\system32\dllcache\mshtml.dll
+ 2009-02-08 10:53 . 2009-03-08 03:32 1985024 c:\windows\system32\dllcache\iertutil.dll
+ 2009-02-08 10:53 . 2009-02-06 20:07 3698584 c:\windows\system32\dllcache\ieapfltr.dat
+ 2009-01-07 17:20 . 2009-01-07 17:20 1022976 c:\windows\system32\dllcache\browseui.dll
+ 2009-05-03 10:27 . 2009-02-20 18:09 1160192 c:\windows\ie8\urlmon.dll
+ 2009-05-03 10:27 . 2009-02-20 18:09 3595264 c:\windows\ie8\mshtml.dll
+ 2009-05-03 10:27 . 2009-02-20 18:09 6066176 c:\windows\ie8\ieframe.dll
+ 2009-05-03 10:27 . 2008-07-09 14:25 2455488 c:\windows\ie8\ieapfltr.dat
+ 2009-05-07 07:12 . 2009-05-07 07:12 1115136 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\283ecfbaa6a6fab76c8b544a4a89d5ce\System.Data.OracleClient.ni.dll
+ 2009-05-07 07:12 . 2009-05-07 07:12 3406336 c:\windows\assembly\NativeImages_v2.0.50727_32\DriversHQ.DriverDet#\5f4739a168de1f24409748bccf8a52da\DriversHQ.DriverDetective.Client.ni.exe
+ 2007-08-13 18:54 . 2009-03-08 03:39 11063808 c:\windows\system32\ieframe.dll
+ 2009-02-08 10:53 . 2009-03-08 03:39 11063808 c:\windows\system32\dllcache\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-06-25 335872]
"MioNet"="c:\program files\MioNet\MioNetLauncher.exe" [2008-06-10 32768]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-12 136600]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"NSLauncher"="c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2007-09-07 3100672]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-03-25 645328]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-01-09 1176808]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mfehidk.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mferkdk.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MioNet\\jvm\\bin\\MioNet.exe"=
"c:\\Program Files\\MioNet\\MioNetManager.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access 0
"1701:TCP"= 1701:TCP:MioNet Remote Drive Access 1
"1702:TCP"= 1702:TCP:MioNet Remote Drive Access 2
"1703:TCP"= 1703:TCP:MioNet Remote Drive Access 3
"1704:TCP"= 1704:TCP:MioNet Remote Drive Access 4
"1705:TCP"= 1705:TCP:MioNet Remote Drive Access 5
"1706:TCP"= 1706:TCP:MioNet Remote Drive Access 6
"1707:TCP"= 1707:TCP:MioNet Remote Drive Access 7
"1708:TCP"= 1708:TCP:MioNet Remote Drive Access 8
"1709:TCP"= 1709:TCP:MioNet Remote Drive Access 9
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
"1647:TCP"= 1647:TCP:MioNet Storage Device Configuration
"5432:UDP"= 5432:UDP:MioNet Storage Device Discovery

R2 BT848;WinFast VC100 WDM Video Capture;c:\windows\system32\drivers\wf2kvcap.sys [01/06/2005 17:00 76325]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [30/04/2009 21:12 210216]
S2 MioNet;MioNet;c:\program files\MioNet\MioNetManager.exe [10/06/2008 16:05 139264]

--- Other Services/Drivers In Memory ---

*Deregistered* - NDISRD

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-05-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-04-30 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-04-30 09:53]

2009-05-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-04-30 09:53]
.
- - - - ORPHANS REMOVED - - - -

BHO-{7F8DE7E3-3192-4238-8633-A9892B9BC3DB} - c:\windows\system32\tuvvSMGw.dll


.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\Jof Davies\Application Data\Mozilla\Firefox\Profiles\pkk6mp8v.default\
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\Java\jre1.5.0_17\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_17\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_17\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_17\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_17\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_17\bin\NPJPI150_17.dll
FF - plugin: c:\program files\Java\jre1.5.0_17\bin\NPOJI610.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-07 09:35
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(548)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3520)
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msls31.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\McAfee\MSK\msksrver.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
.
**************************************************************************
.
Completion time: 2009-05-07 9:41 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-07 08:40
ComboFix2.txt 2009-05-03 10:13

Pre-Run: 15,980,888,064 bytes free
Post-Run: 15,998,812,160 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

424 --- E O F --- 2009-05-07 02:00


#2 garmanma

    Computer Masochist


  • Staff Emeritus
  • 27,809 posts
  • Location:Cleveland, Ohio

Posted 07 May 2009 - 09:41 AM

ComboFix logs should not be posted unless directed to by the member who is assisting you. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system, such as preventing it from ever starting again.


Please read the pinned topic titled "Preparation Guide For Use Before Posting A Hijackthis Log". If you cannot complete a step, then skip it and continue with the next. In Step 6 there are instructions for downloading and running DDS which will create a Pseudo HJT Report as part of its log.

When you have done that, post your log in the HijackThis Logs and Malware Removal forum, NOT here, for assistance by the HJT Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the HJT Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.

Start a new topic, give it a relevant title and post your log along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. An expert will analyze your log and reply with instructions advising you what to fix. After doing this, we would appreciate it if you post a link to your log back here so we know that you're getting help from the HJT Team.

Please be patient. It may take a while to get a response because the HJT Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT "bump" your post or make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies, as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work, may assume another HJT Team member is already assisting you and not open the thread to respond.
The BC Staff

Edited by garmanma, 07 May 2009 - 06:15 PM.

Mark



