Please Check my LOG


  • This topic is locked
1 reply to this topic

#1 _NAARC_

  • Members
  • 3 posts

Posted 29 July 2009 - 01:21 PM

Firstly let me say you people are doing a wonderful JOB, may GOD bless this Site and all the USERS. Here is my LOG, please see if my pc has Swine Flu :thumbsup:

ComboFix 09-07-22.01 - GRAYNICHOLLS 07/29/2009 21:52.3.4 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.3207 [GMT 4:00]
Running from: c:\documents and settings\GRAYNICHOLLS\My Documents\Downloads\Programs\ComboFix.exe
AV: Norton 360 *On-access scanning enabled* (Updated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
FW: Norton 360 *enabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-29 )))))))))))))))))))))))))))))))
.

2009-07-29 03:52 . 2009-07-03 17:09 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-07-29 03:52 . 2009-07-03 17:09 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-28 07:10 . 2009-07-28 17:32 -------- d-----w- c:\program files\HDD Regenerator
2009-07-28 07:10 . 2009-07-28 07:10 -------- d-----w- c:\windows\Downloaded Installations
2009-07-25 14:41 . 2009-07-25 14:41 -------- d-----w- c:\windows\Paltalk Messenger
2009-07-25 14:41 . 2009-07-25 14:46 -------- d-----w- c:\program files\Paltalk Messenger
2009-07-21 00:54 . 2009-07-26 14:00 -------- d-----w- c:\program files\Norton Security Scan
2009-07-20 17:02 . 2009-07-20 17:02 -------- d-----w- c:\program files\VMNetSrv
2009-07-20 17:02 . 2009-07-20 17:02 -------- d-----w- c:\documents and settings\GRAYNICHOLLS\Application Data\Steganos VPN
2009-07-20 17:02 . 2009-07-20 17:02 -------- d-----w- c:\program files\Steganos Internet Anonym VPN
2009-07-17 19:05 . 2009-07-17 19:05 181680 ----a-w- c:\documents and settings\GRAYNICHOLLS\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
2009-07-17 19:05 . 2009-07-29 15:34 -------- d-----w- c:\documents and settings\GRAYNICHOLLS\Application Data\DMCache
2009-07-17 19:05 . 2009-07-18 16:53 -------- d-----w- c:\documents and settings\GRAYNICHOLLS\Application Data\IDM
2009-07-17 19:05 . 2009-07-23 20:11 -------- d-----w- c:\program files\Internet Download Manager
2009-07-16 19:31 . 2009-07-16 19:31 -------- d-----w- c:\documents and settings\GRAYNICHOLLS\Local Settings\Application Data\Temp
2009-07-10 20:56 . 2009-07-10 20:57 -------- d-----w- c:\documents and settings\GRAYNICHOLLS\Local Settings\Application Data\Mayoko
2009-07-09 17:12 . 2009-07-09 17:12 -------- d-----w- c:\program files\SnagIMG
2009-07-07 11:20 . 2009-07-07 11:20 -------- d-----w- c:\windows\system32\wbem\Repository
2009-07-05 19:35 . 2009-07-05 19:35 101888 ----a-w- c:\windows\system32\wini.exe
2009-07-05 07:55 . 2009-07-05 07:59 -------- d-----w- c:\program files\Google SiteMap Builder
2009-07-05 07:55 . 2002-07-26 14:02 62464 ----a-w- C:\UNWISE.EXE
2009-07-04 22:09 . 2009-07-04 22:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Redfield
2009-07-04 09:11 . 2009-07-04 09:11 -------- d-----w- c:\documents and settings\GRAYNICHOLLS\dwhelper
2009-07-04 09:10 . 2009-05-01 12:17 77824 ----a-w- c:\documents and settings\GRAYNICHOLLS\Application Data\Mozilla\Firefox\Profiles\vpyw304a.default\extensions\lazarus@interclue.com\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
2009-07-02 17:51 . 2009-07-02 17:51 -------- d-----w- c:\documents and settings\GRAYNICHOLLS\Application Data\Download Manager
2009-07-01 13:45 . 2009-07-01 13:45 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-29 15:45 . 2009-06-10 18:37 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-29 15:34 . 2009-06-11 11:14 -------- d-----w- c:\documents and settings\All Users\Application Data\VMware
2009-07-29 15:34 . 2009-05-30 09:52 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-28 19:09 . 2009-05-31 17:23 -------- d-----w- c:\program files\Flock
2009-07-20 15:53 . 2009-05-30 09:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-07-18 22:14 . 2009-05-30 09:39 -------- d-----w- c:\documents and settings\GRAYNICHOLLS\Application Data\uTorrent
2009-07-18 16:44 . 2009-06-26 00:18 -------- d-----w- c:\documents and settings\GRAYNICHOLLS\Application Data\SlimBrowser
2009-07-07 11:19 . 2009-06-10 13:01 -------- d-----w- c:\program files\SpeedFan
2009-07-03 17:09 . 2004-08-04 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-02 12:01 . 2009-05-30 08:37 16608 ----a-w- c:\windows\gdrv.sys
2009-06-29 15:28 . 2009-06-29 15:28 -------- d-----w- c:\program files\Xenu
2009-06-29 14:55 . 2009-06-29 14:52 -------- d-----w- c:\program files\Links Extractor 1.4
2009-06-28 12:50 . 2009-06-28 12:50 -------- d-----w- c:\program files\MSXML 4.0
2009-06-28 10:22 . 2009-06-28 10:22 -------- d-----w- c:\program files\Common Files\SourceTec
2009-06-28 10:22 . 2009-06-28 10:22 -------- d-----w- c:\program files\SourceTec
2009-06-26 07:42 . 2009-05-30 08:40 -------- d-----w- c:\program files\Realtek
2009-06-26 07:42 . 2009-05-30 08:37 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-26 07:34 . 2009-06-18 00:03 -------- d-----w- c:\program files\REL Link Checker Lite
2009-06-26 00:18 . 2009-06-26 00:18 -------- d-----w- c:\program files\SlimBrowser
2009-06-25 16:03 . 2009-06-25 16:03 23558 ----a-r- c:\documents and settings\GRAYNICHOLLS\Application Data\Microsoft\Installer\{341CCEC7-0495-4955-9424-88CFE9DD5EA7}\_E585E7B5147BBB464739DA.exe
2009-06-25 16:03 . 2009-06-25 16:03 23558 ----a-r- c:\documents and settings\GRAYNICHOLLS\Application Data\Microsoft\Installer\{341CCEC7-0495-4955-9424-88CFE9DD5EA7}\_D90890EF69BA1CAC206FD1.exe
2009-06-25 16:03 . 2009-06-25 16:03 -------- d-----w- c:\program files\GoodVoice
2009-06-24 20:14 . 2009-06-08 09:55 -------- d-----w- c:\program files\CCleaner
2009-06-19 12:44 . 2009-06-13 08:30 -------- d-----w- c:\program files\SystemRequirementsLab
2009-06-19 12:43 . 2009-06-13 08:30 -------- d-----w- c:\documents and settings\GRAYNICHOLLS\Application Data\SystemRequirementsLab
2009-06-19 12:43 . 2009-06-19 12:43 207872 ----a-w- c:\documents and settings\GRAYNICHOLLS\Application Data\SystemRequirementsLab\SRLProxy_srl_4.dll
2009-06-19 12:43 . 2009-06-19 12:43 207872 ----a-w- c:\documents and settings\GRAYNICHOLLS\Application Data\SystemRequirementsLab\SRLProxy_srl_3.dll
2009-06-19 12:43 . 2009-06-19 12:43 207872 ----a-w- c:\documents and settings\GRAYNICHOLLS\Application Data\SystemRequirementsLab\SRLProxy_srl_2.dll
2009-06-19 12:43 . 2009-06-19 12:43 207872 ----a-w- c:\documents and settings\GRAYNICHOLLS\Application Data\SystemRequirementsLab\SRLProxy_srl_1.dll
2009-06-19 10:19 . 2009-05-30 09:56 45696 ----a-w- c:\documents and settings\GRAYNICHOLLS\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-18 21:20 . 2009-06-18 21:20 -------- d-----w- c:\program files\Reference Assemblies
2009-06-17 23:52 . 2009-06-17 23:52 -------- d-----w- c:\documents and settings\GRAYNICHOLLS\Application Data\Electrum
2009-06-17 13:07 . 2009-06-03 11:24 -------- d-----w- c:\documents and settings\All Users\Application Data\BOC427
2009-06-16 22:55 . 2009-06-09 10:40 -------- d-----w- c:\documents and settings\GRAYNICHOLLS\Application Data\dvdcss
2009-06-16 14:36 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 17:30 . 2009-06-04 17:06 -------- d-----w- c:\documents and settings\GRAYNICHOLLS\Application Data\POP Peeper
2009-06-13 14:37 . 2009-06-06 09:10 -------- d-----w- c:\program files\IObit
2009-06-13 08:53 . 2009-06-13 08:53 -------- d-----w- c:\program files\AGEIA Technologies
2009-06-13 08:53 . 2009-06-13 08:53 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-13 08:30 . 2009-06-13 08:30 290816 ----a-w- c:\documents and settings\GRAYNICHOLLS\Application Data\SystemRequirementsLab\SRLProxy_nvd_4.dll
2009-06-13 08:30 . 2009-06-13 08:30 290816 ----a-w- c:\documents and settings\GRAYNICHOLLS\Application Data\SystemRequirementsLab\SRLProxy_nvd_3.dll
2009-06-13 08:30 . 2009-06-13 08:30 290816 ----a-w- c:\documents and settings\GRAYNICHOLLS\Application Data\SystemRequirementsLab\SRLProxy_nvd_2.dll
2009-06-13 08:30 . 2009-06-13 08:30 290816 ----a-w- c:\documents and settings\GRAYNICHOLLS\Application Data\SystemRequirementsLab\SRLProxy_nvd_1.dll
2009-06-12 22:03 . 2009-06-04 17:04 -------- d-----w- c:\program files\POP Peeper
2009-06-11 21:53 . 2008-07-04 09:35 57344 ----a-w- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\DifXInstall32.exe
2009-06-11 21:53 . 2009-06-01 15:21 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-06-11 21:53 . 2009-06-01 15:21 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstPCS.exe
2009-06-11 21:47 . 2009-06-01 15:21 33665024 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Nokia_PC_Suite_7_1_18_0_eng_us_web.exe
2009-06-11 21:33 . 2009-05-30 09:13 610304 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe
2009-06-11 12:49 . 2009-06-11 11:19 -------- d-----w- c:\program files\Live View
2009-06-11 12:46 . 2009-06-11 11:20 -------- d-----w- c:\documents and settings\GRAYNICHOLLS\Application Data\VMware
2009-06-11 11:19 . 2009-06-11 11:08 -------- d-----w- c:\program files\VMware
2009-06-11 11:09 . 2009-06-11 11:09 -------- d-----w- c:\program files\Common Files\VMware
2009-06-10 18:40 . 2009-06-10 18:37 -------- d-----w- c:\program files\SpywareBlaster
2009-06-07 13:21 . 2009-06-07 13:21 1024 ----a-w- c:\windows\system32\pwdremover.dat
2009-06-07 13:20 . 2009-06-07 13:20 -------- d-----w- c:\program files\PDF Password Remover v2.5
2009-06-07 12:22 . 2009-06-07 12:22 1078 ----a-r- c:\documents and settings\GRAYNICHOLLS\Application Data\Microsoft\Installer\{0F9196C6-58B4-445B-B56E-B1200FECC151}\_4ae13d6c.exe
2009-06-07 12:22 . 2009-06-07 12:22 1078 ----a-r- c:\documents and settings\GRAYNICHOLLS\Application Data\Microsoft\Installer\{0F9196C6-58B4-445B-B56E-B1200FECC151}\_2cd672ae.exe
2009-06-07 12:22 . 2009-06-07 12:22 1078 ----a-r- c:\documents and settings\GRAYNICHOLLS\Application Data\Microsoft\Installer\{0F9196C6-58B4-445B-B56E-B1200FECC151}\_294823.exe
2009-06-07 12:22 . 2009-06-07 12:22 1078 ----a-r- c:\documents and settings\GRAYNICHOLLS\Application Data\Microsoft\Installer\{0F9196C6-58B4-445B-B56E-B1200FECC151}\_18be6784.exe
2009-06-07 12:22 . 2009-06-07 12:22 -------- d-----w- c:\program files\Microsoft Bootvis
2009-06-06 09:16 . 2009-06-06 09:10 -------- d-----w- c:\documents and settings\GRAYNICHOLLS\Application Data\IObit
2009-06-05 22:37 . 2009-06-05 22:36 -------- d-----w- c:\documents and settings\GRAYNICHOLLS\Application Data\vlc
2009-06-04 11:28 . 2009-06-28 10:22 82432 ----a-w- c:\windows\system32\msxml4r.dll
2009-06-04 11:28 . 2009-06-28 10:22 44544 ----a-w- c:\windows\system32\msxml4a.dll
2009-06-04 09:44 . 2009-06-02 12:59 -------- d-----w- c:\documents and settings\GRAYNICHOLLS\Application Data\LimeWire
2009-06-04 09:31 . 2009-06-04 09:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-06-03 19:09 . 2004-08-04 12:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-06-03 11:24 . 2009-06-03 11:24 -------- d-----w- c:\program files\Comodo
2009-06-03 08:01 . 2009-05-30 09:54 -------- d-----w- c:\program files\Norton 360
2009-06-02 21:55 . 2009-06-02 21:55 -------- d-----w- c:\documents and settings\GRAYNICHOLLS\Application Data\AdobeUM
2009-06-02 12:59 . 2009-06-02 12:59 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-02 12:59 . 2009-06-02 12:59 -------- d-----w- c:\program files\Java
2009-06-02 12:58 . 2009-06-02 12:58 152576 ----a-w- c:\documents and settings\GRAYNICHOLLS\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-06-02 09:33 . 2009-06-02 09:33 -------- d-----w- c:\documents and settings\GRAYNICHOLLS\Application Data\Malwarebytes
2009-06-02 09:33 . 2009-06-02 09:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-02 09:33 . 2009-06-02 09:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-02 08:55 . 2009-06-02 08:55 1244648 ----a-w- c:\documents and settings\GRAYNICHOLLS\Application Data\MSNInstaller\msnauins.exe
2009-06-02 08:55 . 2009-06-01 19:03 -------- d-----w- c:\documents and settings\GRAYNICHOLLS\Application Data\MSNInstaller
2009-06-02 00:22 . 2009-05-30 08:31 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-01 15:38 . 2009-05-30 09:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-06-01 15:25 . 2009-06-01 15:23 -------- d-----w- c:\documents and settings\GRAYNICHOLLS\Application Data\Nokia
2009-06-01 15:24 . 2009-06-01 15:23 -------- d-----w- c:\documents and settings\GRAYNICHOLLS\Application Data\PC Suite
2009-06-01 15:24 . 2009-06-01 15:24 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-06-01 15:24 . 2009-06-01 15:24 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-06-01 15:23 . 2009-06-01 15:23 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2009-06-01 15:22 . 2009-06-01 15:22 -------- d-----w- c:\program files\Common Files\PCSuite
2009-06-01 15:22 . 2009-06-01 15:22 -------- d-----w- c:\program files\Common Files\Nokia
2009-06-01 15:22 . 2009-06-01 15:22 -------- d-----w- c:\program files\Nokia
2009-06-01 15:22 . 2009-06-01 15:22 -------- d-----w- c:\program files\DIFX
2009-06-01 15:22 . 2009-06-01 15:22 -------- d-----w- c:\program files\PC Connectivity Solution
2009-06-01 15:21 . 2009-06-01 15:21 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstCCD.exe
2009-06-01 15:21 . 2009-06-01 15:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2009-06-01 12:27 . 2009-06-01 12:27 -------- d-----w- c:\program files\Windows Defender
2009-06-01 10:21 . 2009-06-01 10:21 -------- d-----w- c:\program files\Trend Micro
2009-05-31 21:46 . 2009-05-31 21:46 -------- d-----w- c:\program files\Common Files\Windows Live
2009-05-31 21:13 . 2009-05-30 09:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-05-31 17:23 . 2009-05-31 17:23 -------- d-----w- c:\documents and settings\GRAYNICHOLLS\Application Data\Flock
2009-05-30 10:54 . 2009-05-30 09:53 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-07-25 20:47 . 2009-05-30 08:53 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2009-03-31 18:47 . 2009-05-30 11:10 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-07-23_20.28.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-11 15:41 . 2009-07-11 15:41 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
+ 2007-03-24 03:27 . 2006-05-31 18:25 25088 c:\windows\system32\msxml3a.dll
- 2009-03-08 00:31 . 2009-03-08 00:31 55296 c:\windows\system32\msfeedsbs.dll
+ 2009-03-08 00:31 . 2009-07-03 17:09 55296 c:\windows\system32\msfeedsbs.dll
+ 2004-08-04 12:00 . 2009-07-03 17:09 25600 c:\windows\system32\jsproxy.dll
- 2004-08-04 12:00 . 2009-04-30 21:22 25600 c:\windows\system32\jsproxy.dll
- 2009-06-10 09:42 . 2009-04-30 21:22 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2009-06-10 09:42 . 2009-07-03 17:09 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2009-03-08 00:33 . 2009-07-03 17:09 25600 c:\windows\system32\dllcache\jsproxy.dll
- 2009-03-08 00:33 . 2009-04-30 21:22 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-06-02 12:45 . 2009-07-28 07:04 34308 c:\windows\system32\bassmod.dll
- 2009-06-02 12:45 . 2009-06-02 12:48 34308 c:\windows\system32\bassmod.dll
+ 2009-07-29 04:08 . 2009-04-30 21:22 12800 c:\windows\ie8updates\KB972260-IE8\xpshims.dll
+ 2009-07-29 04:08 . 2009-03-08 00:31 55296 c:\windows\ie8updates\KB972260-IE8\msfeedsbs.dll
+ 2009-07-29 04:08 . 2009-04-30 21:22 25600 c:\windows\ie8updates\KB972260-IE8\jsproxy.dll
+ 2004-08-04 12:00 . 2009-07-03 17:09 206848 c:\windows\system32\occache.dll
+ 2009-03-08 00:32 . 2009-07-03 17:09 594432 c:\windows\system32\msfeeds.dll
- 2009-03-08 00:32 . 2009-03-08 00:32 594432 c:\windows\system32\msfeeds.dll
+ 2004-08-04 12:00 . 2009-07-03 17:09 184320 c:\windows\system32\iepeers.dll
+ 2004-08-04 12:00 . 2009-07-03 17:09 386048 c:\windows\system32\iedkcs32.dll
- 2004-08-04 12:00 . 2009-04-30 11:21 173056 c:\windows\system32\ie4uinit.exe
+ 2004-08-04 12:00 . 2009-07-03 11:01 173056 c:\windows\system32\ie4uinit.exe
- 2009-02-20 08:10 . 2009-05-13 05:15 915456 c:\windows\system32\dllcache\wininet.dll
+ 2009-02-20 08:10 . 2009-07-03 17:09 915456 c:\windows\system32\dllcache\wininet.dll
+ 2009-03-08 00:34 . 2009-07-03 17:09 206848 c:\windows\system32\dllcache\occache.dll
+ 2009-06-10 09:42 . 2009-07-03 17:09 246272 c:\windows\system32\dllcache\ieproxy.dll
- 2009-06-10 09:42 . 2009-04-30 21:22 246272 c:\windows\system32\dllcache\ieproxy.dll
+ 2009-03-08 00:31 . 2009-07-03 17:09 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2009-03-08 10:09 . 2009-07-03 17:09 386048 c:\windows\system32\dllcache\iedkcs32.dll
- 2009-03-08 00:32 . 2009-04-30 11:21 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2009-03-08 00:32 . 2009-07-03 11:01 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2009-07-25 14:41 . 2009-07-25 14:41 471552 c:\windows\Paltalk Messenger\uninstall.exe
+ 2009-07-29 04:07 . 2009-07-29 04:07 248832 c:\windows\Installer\12e328.msi
+ 2009-07-29 04:08 . 2009-05-13 05:15 915456 c:\windows\ie8updates\KB972260-IE8\wininet.dll
+ 2009-07-29 04:08 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB972260-IE8\spuninst\updspapi.dll
+ 2009-07-29 04:08 . 2009-05-26 11:40 231288 c:\windows\ie8updates\KB972260-IE8\spuninst\spuninst.exe
+ 2009-07-29 04:08 . 2009-03-08 00:34 109568 c:\windows\ie8updates\KB972260-IE8\occache.dll
+ 2009-07-29 04:08 . 2009-03-08 00:32 594432 c:\windows\ie8updates\KB972260-IE8\msfeeds.dll
+ 2009-07-29 04:08 . 2009-04-30 21:22 246272 c:\windows\ie8updates\KB972260-IE8\ieproxy.dll
+ 2009-07-29 04:08 . 2009-03-08 00:31 183808 c:\windows\ie8updates\KB972260-IE8\iepeers.dll
+ 2009-07-29 04:08 . 2009-04-30 21:22 385536 c:\windows\ie8updates\KB972260-IE8\iedkcs32.dll
+ 2009-07-29 04:08 . 2009-04-30 11:21 173056 c:\windows\ie8updates\KB972260-IE8\ie4uinit.exe
+ 2004-08-04 12:00 . 2009-07-03 17:09 1208832 c:\windows\system32\urlmon.dll
+ 2004-08-04 12:00 . 2009-07-19 13:18 5937152 c:\windows\system32\mshtml.dll
+ 2009-03-08 00:32 . 2009-07-03 17:09 1985536 c:\windows\system32\iertutil.dll
+ 2009-02-20 08:10 . 2009-07-03 17:09 1208832 c:\windows\system32\dllcache\urlmon.dll
+ 2009-02-20 08:11 . 2009-07-19 13:18 5937152 c:\windows\system32\dllcache\mshtml.dll
+ 2009-06-10 09:42 . 2009-07-03 17:09 1985536 c:\windows\system32\dllcache\iertutil.dll
+ 2009-07-29 04:08 . 2009-04-30 21:22 1207808 c:\windows\ie8updates\KB972260-IE8\urlmon.dll
+ 2009-07-29 04:08 . 2009-05-13 05:15 5936128 c:\windows\ie8updates\KB972260-IE8\mshtml.dll
+ 2009-07-29 04:08 . 2009-04-30 21:22 1985024 c:\windows\ie8updates\KB972260-IE8\iertutil.dll
+ 2009-07-28 07:10 . 2009-07-28 07:10 2008120 c:\windows\Downloaded Installations\{945D0A02-3985-4251-AEDA-F2A9A377AD3E}\HDD Regenerator.msi
+ 2009-03-08 00:39 . 2009-07-19 14:48 11067392 c:\windows\system32\ieframe.dll
+ 2009-06-10 09:42 . 2009-07-19 14:48 11067392 c:\windows\system32\dllcache\ieframe.dll
+ 2009-07-29 04:08 . 2009-04-30 21:22 11064832 c:\windows\ie8updates\KB972260-IE8\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-26 4351216]
"HuaWeiEVDO.exe"="c:\program files\Etisalat USB\Etisalat USB.exe" [2007-07-06 925696]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2009-06-23 2836376]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-07-23 2745776]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-04-30 2329936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"BOC-427"="c:\progra~1\Comodo\CBOClean\BOC427.exe" [2008-07-14 351480]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-30 13750272]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-05-30 185896]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-02-13 16857600]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S2 AVPNStarter;Steganos Anonym VPN Starter Service;c:\program files\Steganos Internet Anonym VPN\AVPNStarter.exe [2/25/2008 1:52 PM 21504]
S2 BOCore;BOCore;c:\program files\Comodo\CBOClean\BOCore.exe [6/3/2009 3:24 PM 73464]
S2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2/18/2008 11:37 PM 149352]
S2 vmserverdWin32;VMware Registration Service;c:\program files\VMware\VMware Server\vmserverdWin32.exe [4/12/2007 8:05 PM 1646685]
S3 clr_optimization_v4.0.20506_32;.NET Runtime Optimization Service v4.0.20506_X86;c:\windows\Microsoft.NET\Framework\v4.0.20506\mscorsvw.exe [5/6/2009 9:08 AM 104272]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [1/13/2008 6:32 AM 23888]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/30/2009 2:55 PM 101936]
S3 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\GEST\GSvr.exe [5/30/2009 12:37 PM 47624]
S3 tapavpn;Steganos Anonym VPN Adapter;c:\windows\system32\drivers\tapavpn.sys [10/19/2007 12:50 PM 24320]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F4C9A686-2E05-F100-4DCF-B7B78DAE2C7A}]
c:\windows\system32\wini.exe
.
Contents of the 'Scheduled Tasks' folder

2009-07-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-287218729-725345543-1003Core.job
- c:\documents and settings\GRAYNICHOLLS\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-25 06:59]

2009-07-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-287218729-725345543-1003UA.job
- c:\documents and settings\GRAYNICHOLLS\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-25 06:59]

2009-07-29 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 15:20]

2009-07-26 c:\windows\Tasks\Norton Security Scan for GRAYNICHOLLS.job
- c:\program files\Norton Security Scan\Nss.exe [2009-03-13 01:53]

2009-07-29 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 13:04]

2009-07-29 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 13:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://xpert-zone.com/forum
uInternet Settings,ProxyOverride = local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
Trusted Zone: naarc.at.ua\www
FF - ProfilePath - c:\documents and settings\GRAYNICHOLLS\Application Data\Mozilla\Firefox\Profiles\vpyw304a.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - component: c:\documents and settings\GRAYNICHOLLS\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
FF - component: c:\documents and settings\GRAYNICHOLLS\Application Data\Mozilla\Firefox\Profiles\vpyw304a.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - component: c:\documents and settings\GRAYNICHOLLS\Application Data\Mozilla\Firefox\Profiles\vpyw304a.default\extensions\lazarus@interclue.com\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
FF - component: c:\program files\Mozilla Firefox\components\coFFPlgn.dll
FF - plugin: c:\documents and settings\GRAYNICHOLLS\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\windows\Microsoft.NET\Framework\v4.0.20506\WPF\NPWPF.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v4.0.20506\WPF\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
.
------- File Associations -------
.
txtfile=c:\windows\NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-29 21:57
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1584)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2009-07-29 21:59
ComboFix-quarantined-files.txt 2009-07-29 17:58
ComboFix2.txt 2009-07-23 20:38
ComboFix3.txt 2009-07-23 20:30

Pre-Run: 302,144,532,480 bytes free
Post-Run: 302,105,255,936 bytes free

407 --- E O F --- 2009-07-29 04:08



#2 Guest_The weatherman_*

  • Guests

Posted 29 July 2009 - 02:03 PM

Hello NAARC,

Please note the message text in blue at the top of the Am I infected? What do I do? forum.

ComboFix logs should not be posted outside the HijackThis forums and then only when requested by a HJT Team member. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Please create a new topic explaining the nature of your problem in the Am I infected? What do I do? forum. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results.

If needed, we will direct you to our HJT Preparation Guide.

Thank you for using BleepingComputer as your malware removal source.

This topic is now closed. If you have any questions, please PM me or another Moderator.
The BC Staff
