Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Register a free account to unlock additional features at BleepingComputer.com

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News: U.S. Ballistic Missile Defense Systems Fail Cybersecurity Audit

Featured Deal: Get 98% off the 2018 CompTIA Certification Training Bundle: Lifetime Access Deal

.LOG

Started by andreams , Sep 28 2009 12:43 AM

This topic is locked

2 replies to this topic

#1 andreams

Members
2 posts
OFFLINE

Local time:11:10 AM

Posted 28 September 2009 - 12:43 AM

ComboFix 09-09-25.01 - Andrea 09/28/2009 0:07.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.597 [GMT -4:00]
Running from: c:\documents and settings\Andrea\Desktop\ComboFix.exe
AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\TS\tsc.exe
c:\windows\system32\Data
c:\windows\system32\iehelpmod.dll

.
((((((((((((((((((((((((( Files Created from 2009-08-28 to 2009-09-28 )))))))))))))))))))))))))))))))
.

2009-09-26 16:16 . 2009-09-26 16:16 -------- d-----w- c:\documents and settings\All Users\Application Data\XoftSpySE
2009-09-26 16:16 . 2009-09-28 03:15 -------- d-----w- c:\program files\XoftSpySE6
2009-09-25 17:23 . 2009-09-25 17:23 -------- d-----w- c:\program files\Common Files\TSUninstall
2009-09-25 17:22 . 2009-09-28 04:11 -------- d-----w- c:\program files\TS
2009-09-25 15:29 . 2009-09-25 15:29 -------- d-----w- c:\documents and settings\All Users\Application Data\SOS
2009-09-25 14:59 . 2009-09-25 15:00 -------- d-----w- c:\program files\Save Our Spirit
2009-09-24 05:19 . 2009-09-24 05:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Sandlot Games
2009-09-22 04:11 . 2009-09-22 04:11 -------- d-----w- c:\documents and settings\Andrea\Application Data\Merscom
2009-09-22 04:11 . 2009-09-22 04:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Merscom
2009-09-20 03:49 . 2009-09-20 03:49 -------- d-----w- c:\documents and settings\Andrea\Application Data\TikisLab
2009-09-19 15:23 . 2009-09-19 15:24 88072 ----a-w- c:\documents and settings\Andrea\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-17 01:31 . 2009-09-04 21:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-09-17 01:31 . 2009-09-04 21:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-09-17 01:31 . 2009-09-04 21:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-09-17 01:31 . 2009-09-04 21:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-09-17 01:31 . 2009-09-04 21:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-09-17 01:31 . 2009-09-04 21:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-09-17 01:31 . 2009-09-04 21:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2009-09-17 01:17 . 2009-09-17 14:27 -------- d-----w- c:\program files\Nancy Drew Dossier - Resorting to Danger
2009-09-11 21:15 . 2009-09-11 21:15 -------- d-----w- c:\documents and settings\Andrea\Application Data\ERS G-Studio
2009-09-09 04:47 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-09-08 17:06 . 2009-09-08 17:06 -------- d-----w- c:\documents and settings\Andrea\Application Data\Big Fish Games
2009-08-29 20:53 . 2009-08-29 20:53 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-28 03:18 . 2009-08-14 14:38 -------- d-----w- c:\program files\dl_Cats
2009-09-28 03:16 . 2009-08-11 19:31 -------- d-----w- c:\program files\RealArcade
2009-09-28 03:04 . 2009-08-11 02:13 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-26 03:56 . 2009-08-11 02:08 -------- d-----w- c:\documents and settings\All Users\Application Data\BigFishGamesCache
2009-09-24 05:09 . 2009-08-11 02:09 -------- d-----w- c:\program files\bfgclient
2009-09-12 05:01 . 2009-08-12 14:07 -------- d-----w- c:\program files\Google
2009-09-12 05:00 . 2009-08-17 03:53 -------- d-----w- c:\program files\Zylom Games
2009-09-04 21:44 . 2009-08-27 14:55 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-08-28 23:53 . 2009-08-28 23:53 -------- d-----w- c:\documents and settings\Andrea\Application Data\SprillRichiEng
2009-08-28 04:01 . 2009-08-28 04:01 -------- d-----w- c:\documents and settings\Andrea\Application Data\funkitron
2009-08-27 04:38 . 2009-08-27 04:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Astar Games
2009-08-27 04:01 . 2009-08-27 04:01 -------- d-----w- c:\documents and settings\Andrea\Application Data\Meridian93
2009-08-26 04:11 . 2009-08-26 04:11 -------- d-----w- c:\program files\Autumn's Treasures - The Jade Coin
2009-08-26 04:07 . 2009-08-26 04:07 -------- d-----w- c:\documents and settings\Andrea\Application Data\Games
2009-08-25 14:48 . 2009-08-25 14:48 -------- d-----w- c:\documents and settings\Andrea\Application Data\MA
2009-08-23 22:55 . 2009-08-23 22:40 -------- d-----w- c:\program files\QuickTime
2009-08-23 22:54 . 2009-08-23 22:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-08-23 22:53 . 2009-08-23 22:53 -------- d-----w- c:\program files\Apple Software Update
2009-08-23 22:53 . 2009-08-23 22:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-08-21 16:14 . 2009-08-21 16:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Princess Isabella
2009-08-20 19:49 . 2009-08-08 12:44 -------- d-----w- c:\program files\Symantec
2009-08-20 19:49 . 2009-08-08 12:44 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-08-20 19:49 . 2009-08-08 12:44 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-08-20 19:49 . 2009-08-08 12:44 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-08-20 19:49 . 2009-08-08 12:44 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-08-20 03:13 . 2009-08-20 03:13 -------- d-----w- c:\documents and settings\Andrea\Application Data\PlayFirst
2009-08-20 03:13 . 2009-08-20 03:13 -------- d-----w- c:\documents and settings\All Users\Application Data\PlayFirst
2009-08-20 00:38 . 2009-08-20 00:20 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-08-20 00:25 . 2009-08-20 00:25 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-20 00:25 . 2009-08-20 00:25 -------- d-----w- c:\program files\Java
2009-08-20 00:22 . 2009-08-20 00:22 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-20 00:21 . 2009-08-20 00:21 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-08-18 18:59 . 2009-08-08 12:44 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
2009-08-17 19:53 . 2009-08-17 19:53 -------- d-----w- c:\documents and settings\Andrea\Application Data\GameHousev1001
2009-08-17 04:34 . 2009-08-17 04:34 -------- d-----w- c:\documents and settings\All Users\Application Data\GameHouse
2009-08-17 03:53 . 2009-08-17 03:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Zylom
2009-08-15 04:47 . 2009-08-15 04:47 -------- d-----w- c:\documents and settings\Andrea\Application Data\PoBros
2009-08-15 04:47 . 2009-08-15 04:47 -------- d-----w- c:\documents and settings\All Users\Application Data\PoBros
2009-08-12 14:07 . 2009-08-12 14:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
2009-08-11 18:15 . 2009-08-11 18:15 -------- d-----w- c:\program files\Dell Photo AIO Printer 922
2009-08-11 17:25 . 2009-08-11 17:25 -------- d-----w- c:\program files\MSBuild
2009-08-11 17:25 . 2009-08-11 17:25 -------- d-----w- c:\program files\Reference Assemblies
2009-08-11 17:18 . 2009-08-08 13:19 -------- d-----w- c:\program files\Microsoft Works
2009-08-11 03:43 . 2009-08-11 03:43 -------- d-----w- c:\documents and settings\Andrea\Application Data\SulusGames
2009-08-11 03:43 . 2009-08-11 03:43 -------- d-----w- c:\documents and settings\All Users\Application Data\SulusGames
2009-08-11 02:08 . 2009-08-11 02:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-08-11 01:56 . 2009-08-08 17:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Intuit
2009-08-08 17:12 . 2009-08-08 17:12 -------- d-----w- c:\program files\Common Files\supportsoft
2009-08-08 17:10 . 2009-08-08 17:08 -------- d-----w- c:\program files\Common Files\Intuit
2009-08-08 17:08 . 2009-08-08 17:08 -------- d-----w- c:\program files\Intuit
2009-08-08 17:05 . 2009-08-08 17:05 -------- d-----w- c:\documents and settings\All Users\Application Data\SQL Anywhere 10
2009-08-08 17:05 . 2009-08-08 17:05 -------- d-----w- c:\documents and settings\All Users\Application Data\COMMON FILES
2009-08-08 17:05 . 2009-08-08 17:05 -------- d-----w- c:\program files\MSXML 4.0
2009-08-08 16:57 . 2009-08-08 16:57 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-08-08 16:57 . 2009-08-08 16:57 -------- d-----w- c:\program files\CyberLink
2009-08-08 16:57 . 2009-08-08 13:04 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-08 16:29 . 2009-08-08 16:29 -------- d-----w- c:\documents and settings\LocalService\Application Data\Roxio
2009-08-08 16:29 . 2009-08-08 16:29 -------- d-----w- c:\documents and settings\Andrea\Application Data\Roxio
2009-08-08 16:29 . 2009-08-08 16:29 -------- d-----w- c:\program files\InterActual
2009-08-08 16:25 . 2009-08-08 16:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio
2009-08-08 16:21 . 2009-08-08 16:14 -------- d-----w- c:\documents and settings\All Users\Application Data\SmartSound Software Inc
2009-08-08 16:20 . 2009-08-08 16:13 -------- d-----w- c:\program files\Roxio
2009-08-08 16:19 . 2009-08-08 16:14 -------- d-----w- c:\program files\Common Files\Sonic Shared
2009-08-08 16:19 . 2009-08-08 16:14 -------- d-----w- c:\program files\Common Files\Roxio Shared
2009-08-08 16:19 . 2009-08-08 16:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic
2009-08-08 16:14 . 2009-08-08 16:14 -------- d-----w- c:\program files\SmartSound Software
2009-08-08 16:13 . 2009-08-08 13:03 -------- d-----w- c:\program files\Common Files\InstallShield
2009-08-08 16:13 . 2009-08-08 16:13 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2009-08-08 14:47 . 2009-08-08 12:44 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-08-08 13:49 . 2009-08-08 13:49 -------- d-----w- c:\program files\MSECache
2009-08-08 13:20 . 2009-08-08 13:20 -------- d-----w- c:\program files\Common Files\L&H
2009-08-08 13:20 . 2009-08-08 13:20 -------- d-----w- c:\program files\Microsoft.NET
2009-08-08 13:20 . 2009-08-08 13:20 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-08-08 13:09 . 2009-08-08 13:09 -------- d-----w- c:\program files\Intel
2009-08-08 13:05 . 2009-08-08 13:03 -------- d-----w- c:\program files\Creative
2009-08-08 12:48 . 2009-08-08 12:48 23600 ----a-w- c:\windows\system32\drivers\TVICHW32.SYS
2009-08-08 12:44 . 2009-08-08 12:44 -------- d-----w- c:\program files\Norton AntiVirus
2009-08-08 12:44 . 2009-08-08 12:44 -------- d-----w- c:\program files\Windows Sidebar
2009-08-08 12:44 . 2009-08-08 12:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-08-08 12:43 . 2009-08-08 12:42 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-08-08 12:42 . 2009-08-08 12:42 -------- d-----w- c:\program files\NortonInstaller
2009-08-08 12:18 . 2009-08-08 12:18 -------- d-----w- c:\program files\microsoft frontpage
2009-08-08 12:15 . 2009-08-08 12:15 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-08-05 09:01 . 2004-08-12 13:23 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:01 . 2004-08-12 13:17 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-12 16:21 . 2004-08-12 13:34 233472 ----a-w- c:\windows\system32\wmpdxm.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-27 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"diagent"="c:\program files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 135264]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2007-08-24 240112]
"DMXLauncher"="c:\program files\Roxio\CinePlayer\DMXLauncher.exe" [2007-08-14 113136]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2008-11-18 623880]
"Dell Photo AIO Printer 922"="c:\program files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2004-11-10 290816]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-20 149280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"DLBTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [2007-02-22 73728]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2008-12-9 984352]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2009\\QBDBMgrN.exe"=
"c:\\WINDOWS\\system32\\dlbtcoms.exe"=

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1007020.00B\SymEFA.sys [8/31/2009 7:01 PM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NAV\1007020.00B\BHDrvx86.sys [8/31/2009 7:01 PM 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1007020.00B\cchpx86.sys [8/31/2009 7:00 PM 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090916.003\IDSXpx86.sys [9/16/2009 5:47 PM 329080]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe [8/31/2009 7:00 PM 117640]
R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [8/24/2007 3:52 PM 166384]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/27/2009 6:57 PM 102448]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [8/24/2007 3:52 PM 1083888]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [8/24/2007 3:53 PM 362992]
S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [8/24/2007 3:52 PM 309744]
S2 SessionLauncher;SessionLauncher;c:\docume~1\Andrea\LOCALS~1\Temp\DX9\SessionLauncher.exe --> c:\docume~1\Andrea\LOCALS~1\Temp\DX9\SessionLauncher.exe [?]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [8/24/2007 3:53 PM 72176]
S3 USB200M;Linksys USB 2.0 Network Adapter ver.2;c:\windows\system32\drivers\USB200M2.sys [8/8/2009 8:40 AM 18048]
.
Contents of the 'Scheduled Tasks' folder

2009-09-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-TS - c:\program files\TS\tsc.exe
AddRemove-TS - c:\program files\TS\tsc.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-28 00:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLBTCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton AntiVirus]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.7.2.11\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2009-09-28 0:14
ComboFix-quarantined-files.txt 2009-09-28 04:14

Pre-Run: 138,798,931,968 bytes free
Post-Run: 140,183,646,208 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

232 --- E O F --- 2009-09-09 07:03

Back to top

BC AdBot (Login to Remove)

BleepingComputer.com
Register to remove ads

#2 fireman4it

Bleepin' Fireman

Malware Response Team
13,512 posts
OFFLINE

Gender:Male
Location:Greenup, Ill USA
Local time:09:10 AM

Posted 14 October 2009 - 11:29 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
- DDS.scr
- DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explaination about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click

Back to top

#3 teacup61

Bleepin' Texan!

Malware Response Team
17,075 posts
OFFLINE

Gender:Female
Location:Wills Point, Texas
Local time:10:10 AM

Posted 24 October 2009 - 03:02 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic