Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

pc slow 150 outbound connections help pls


  • This topic is locked This topic is locked
2 replies to this topic

#1 jennifor

jennifor

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:us
  • Local time:05:24 AM

Posted 05 June 2010 - 10:40 PM

hi , running vista installed comodo firewall when i launch firefox get up to 150 outbound connections then after a minute or so they are gone.i get kicked from internet a lot . i am wi-fi at a hotel its unsecured. i dont know where i got this or how long it is been on my pc if it is a virus . pls help me. this is my first pc . i have no idea what is going on still a noob. thank u in advance for any help . pls help

ComboFix 10-06-03.01 - jkr 06/06/2010 16:33:51.1.2 - x86
Microsoft® Windows Vistaâ„¢ Home Premium 6.0.6000.0.1252.1.1033.18.1014.414 [GMT -8:00]
Running from: c:\users\jkr\Downloads\c-fixed.exe
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((( Files Created from 2010-05-07 to 2010-06-07 )))))))))))))))))))))))))))))))
.

2010-06-07 00:46 . 2010-06-07 00:47 -------- d-----w- c:\users\jkr\AppData\Local\temp
2010-06-07 00:46 . 2010-06-07 00:46 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-06-07 00:46 . 2010-06-07 00:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-06-06 04:27 . 2010-06-06 04:34 -------- d-----w- c:\windows\system32\SmitfraudFix
2010-06-06 03:25 . 2010-06-06 03:44 -------- d-----w- C:\c-fixed19940c
2010-06-06 03:23 . 2010-06-06 03:23 -------- d-----w- C:\c-fixed
2010-06-06 00:55 . 2010-06-06 00:55 -------- d-----w- C:\New Folder
2010-06-04 21:34 . 2010-06-04 21:35 -------- d-----w- c:\programdata\COMODO
2010-06-04 14:11 . 2010-06-04 14:11 -------- d-----w- c:\program files\COMODO
2010-06-04 14:08 . 2010-06-04 14:09 -------- d-----w- c:\programdata\Comodo Downloader
2010-05-31 09:45 . 2010-05-31 09:45 -------- d-----w- c:\users\jkr\AppData\Local\CircleDock
2010-05-31 09:44 . 2010-05-31 09:44 -------- d-----w- c:\program files\Circle Dock
2010-05-31 09:44 . 2010-05-31 09:44 -------- d-----w- C:\Circle Dock AddIns
2010-05-28 03:23 . 2010-05-28 03:23 -------- d-----w- c:\program files\TrendMicro
2010-05-27 00:44 . 2010-05-27 00:44 4369388 ---ha-w- c:\windows\system32\drivers\spython.bin
2010-05-26 23:21 . 2010-05-26 23:21 2855 ----a-w- c:\windows\system32\mscdexnt.PIF
2010-05-25 21:12 . 2010-05-25 21:12 -------- d--h--w- c:\windows\PIF
2010-05-24 02:37 . 2010-06-07 00:24 -------- d-----w- c:\program files\iolo
2010-05-24 02:36 . 2010-06-07 00:24 -------- d-----w- c:\programdata\iolo
2010-05-24 02:36 . 2010-05-24 02:37 -------- d-----w- c:\users\jkr\AppData\Roaming\iolo
2010-05-23 21:49 . 2010-05-23 21:49 -------- d-----w- c:\users\jkr\AppData\Local\Mozilla
2010-05-22 05:03 . 2010-05-22 05:03 -------- d-----w- c:\users\jkr\AppData\Roaming\Malwarebytes
2010-05-19 20:40 . 2010-05-19 20:40 70888 ----a-w- c:\users\jkr\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-19 20:26 . 2010-05-19 20:29 -------- d-----w- c:\users\jkr\AppData\Roaming\.k3d
2010-05-19 19:20 . 2010-04-29 23:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-19 19:20 . 2010-05-19 19:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-19 19:20 . 2010-05-19 19:20 -------- d-----w- c:\programdata\Malwarebytes
2010-05-19 19:20 . 2010-04-29 23:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-17 03:39 . 2010-05-17 03:39 -------- d-----w- c:\programdata\KingsIsle Entertainment
2010-05-13 21:02 . 2010-05-13 21:02 319456 ----a-w- c:\windows\DIFxAPI.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-07 00:25 . 2007-02-24 18:34 -------- d-----w- c:\program files\Sony
2010-06-07 00:25 . 2007-02-24 18:22 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-06 04:33 . 2010-06-06 01:19 691 ----a-w- c:\users\jkr\AppData\Roaming\GetValue.vbs
2010-06-06 04:33 . 2010-06-06 01:19 35 ----a-w- c:\users\jkr\AppData\Roaming\SetValue.bat
2010-06-04 10:25 . 2010-04-17 09:57 -------- d-----w- c:\program files\Vuze
2010-05-24 06:23 . 2010-05-06 15:56 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-05-24 06:23 . 2010-05-06 15:56 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-05-19 20:23 . 2010-05-19 20:23 -------- d-----w- c:\users\jkr\AppData\Roaming\Sony Corporation
2010-05-13 21:06 . 2010-05-13 21:01 -------- d--h--w- c:\program files\Temp
2010-04-27 10:59 . 2010-04-27 10:59 -------- d-----w- c:\program files\NewFreeScreensavers
2010-04-26 14:51 . 2010-04-26 14:51 -------- d-----w- c:\program files\FileSubmit
2010-04-24 12:49 . 2010-04-23 22:20 -------- d-----w- c:\program files\Silkroad
2010-04-21 21:46 . 2010-04-21 20:34 -------- d-----w- c:\program files\WhatsRunning
2010-04-18 03:31 . 2010-04-17 10:28 -------- d-----w- c:\programdata\Norton
2010-04-18 03:29 . 2010-04-17 10:00 -------- d-----w- c:\program files\Microsoft
2010-04-17 10:28 . 2009-12-29 12:33 -------- d-----w- c:\programdata\Symantec
2010-04-17 10:28 . 2010-04-17 10:28 -------- d-----w- c:\programdata\NortonInstaller
2010-04-17 09:58 . 2010-04-17 09:58 -------- d-----w- c:\programdata\Azureus
2010-04-16 07:46 . 2010-04-16 07:46 -------- d-----w- c:\program files\Elaborate Bytes
2010-04-15 01:55 . 2010-05-13 21:01 232792 ----a-w- c:\windows\system32\MaxxAudioAPO20.dll
2010-04-12 00:47 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-04-12 00:46 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-04-12 00:39 . 2010-04-12 00:39 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-04-12 00:39 . 2010-04-12 00:39 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-04-12 00:39 . 2010-04-12 00:39 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-04-12 00:39 . 2010-04-12 00:39 24064 ----a-w- c:\windows\system32\lpk.dll
2010-04-12 00:39 . 2010-04-12 00:39 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-04-12 00:39 . 2010-04-12 00:39 10240 ----a-w- c:\windows\system32\dciman32.dll
2010-04-12 00:37 . 2010-04-12 00:37 28672 ----a-w- c:\windows\system32\FwRemoteSvr.dll
2010-04-12 00:37 . 2010-04-12 00:37 61440 ----a-w- c:\windows\system32\winipsec.dll
2010-04-12 00:37 . 2010-04-12 00:37 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
2010-04-12 00:37 . 2010-04-12 00:37 272896 ----a-w- c:\windows\system32\polstore.dll
2010-04-12 00:36 . 2010-04-12 00:36 84992 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-04-12 00:36 . 2010-04-12 00:36 306688 ----a-w- c:\windows\system32\drivers\srv.sys
2010-04-12 00:34 . 2010-04-12 00:34 87040 ----a-w- c:\windows\system32\msoert2.dll
2010-04-12 00:34 . 2010-04-12 00:34 39424 ----a-w- c:\windows\system32\ACCTRES.dll
2010-04-12 00:34 . 2010-04-12 00:34 205824 ----a-w- c:\windows\system32\msoeacct.dll
2010-04-12 00:33 . 2010-04-12 00:33 15360 ----a-w- c:\windows\system32\netevent.dll
2010-04-12 00:33 . 2010-04-12 00:33 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2010-04-12 00:33 . 2010-04-12 00:33 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2010-04-12 00:33 . 2010-04-12 00:33 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2010-04-12 00:33 . 2010-04-12 00:33 19968 ----a-w- c:\windows\system32\ARP.EXE
2010-04-12 00:33 . 2010-04-12 00:33 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2010-04-12 00:33 . 2010-04-12 00:33 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2010-04-12 00:33 . 2010-04-12 00:33 103936 ----a-w- c:\windows\system32\netiohlp.dll
2010-04-12 00:33 . 2010-04-12 00:33 10240 ----a-w- c:\windows\system32\finger.exe
2010-04-12 00:31 . 2010-04-12 00:31 194560 ----a-w- c:\windows\system32\WebClnt.dll
2010-04-12 00:31 . 2010-04-12 00:31 110080 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2010-04-12 00:30 . 2010-04-12 00:30 123904 ----a-w- c:\windows\system32\L2SecHC.dll
2010-04-12 00:30 . 2010-04-12 00:30 67584 ----a-w- c:\windows\system32\wlanhlp.dll
2010-04-12 00:30 . 2010-04-12 00:30 502272 ----a-w- c:\windows\system32\wlansvc.dll
2010-04-12 00:30 . 2010-04-12 00:30 47104 ----a-w- c:\windows\system32\wlanapi.dll
2010-04-12 00:30 . 2010-04-12 00:30 297984 ----a-w- c:\windows\system32\wlansec.dll
2010-04-12 00:30 . 2010-04-12 00:30 290816 ----a-w- c:\windows\system32\wlanmsm.dll
2010-04-12 00:28 . 2010-04-12 00:28 1260032 ----a-w- c:\windows\system32\msxml3.dll
2010-04-12 00:28 . 2010-04-12 00:28 2048 ----a-w- c:\windows\system32\msxml6r.dll
2010-04-12 00:28 . 2010-04-12 00:28 2048 ----a-w- c:\windows\system32\msxml3r.dll
2010-04-12 00:28 . 2010-04-12 00:28 1406464 ----a-w- c:\windows\system32\msxml6.dll
2010-04-12 00:27 . 2010-04-12 00:27 7680 ----a-w- c:\windows\system32\lsass.exe
2010-04-12 00:27 . 2010-04-12 00:27 72704 ----a-w- c:\windows\system32\secur32.dll
2010-04-12 00:27 . 2010-04-12 00:27 408136 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2010-04-12 00:27 . 2010-04-12 00:27 216576 ----a-w- c:\windows\system32\msv1_0.dll
2010-04-12 00:27 . 2010-04-12 00:27 175104 ----a-w- c:\windows\system32\wdigest.dll
2010-04-12 00:27 . 2010-04-12 00:27 1233920 ----a-w- c:\windows\system32\lsasrv.dll
2010-04-12 00:26 . 2010-04-12 00:26 49664 ----a-w- c:\windows\system32\csrsrv.dll
2010-04-12 00:26 . 2010-04-12 00:26 376320 ----a-w- c:\windows\system32\winsrv.dll
2010-04-12 00:24 . 2010-04-12 00:24 98816 ----a-w- c:\windows\system32\mfps.dll
2010-04-12 00:24 . 2010-04-12 00:24 52736 ----a-w- c:\windows\system32\rrinstaller.exe
2010-04-12 00:24 . 2010-04-12 00:24 2855424 ----a-w- c:\windows\system32\mf.dll
2010-04-12 00:24 . 2010-04-12 00:24 24576 ----a-w- c:\windows\system32\mfpmp.exe
2010-04-12 00:24 . 2010-04-12 00:24 2048 ----a-w- c:\windows\system32\mferror.dll
2010-04-12 00:21 . 2010-04-12 00:21 376832 ----a-w- c:\windows\system32\winhttp.dll
2010-04-12 00:20 . 2010-04-12 00:20 71680 ----a-w- c:\windows\system32\atl.dll
2010-04-12 00:18 . 2010-04-12 00:18 297472 ----a-w- c:\windows\system32\gdi32.dll
2010-04-12 00:15 . 2010-04-12 00:15 374456 ----a-w- c:\windows\system32\mcupdate_GenuineIntel.dll
2010-04-12 00:14 . 2010-04-12 00:14 500736 ----a-w- c:\windows\system32\msdtcprx.dll
2010-04-12 00:14 . 2010-04-12 00:14 30208 ----a-w- c:\windows\system32\xolehlp.dll
2010-04-12 00:13 . 2010-04-12 00:13 156160 ----a-w- c:\windows\system32\wkssvc.dll
2010-04-12 00:11 . 2010-04-12 00:11 36352 ----a-w- c:\windows\system32\tsgqec.dll
2010-04-12 00:11 . 2010-04-12 00:11 116736 ----a-w- c:\windows\system32\aaclient.dll
2010-04-12 00:11 . 2010-04-12 00:11 1871872 ----a-w- c:\windows\system32\mstscax.dll
2010-04-12 00:10 . 2010-04-12 00:10 303616 ----a-w- c:\windows\system32\wmpeffects.dll
2010-04-12 00:07 . 2010-04-12 00:07 414208 ----a-w- c:\windows\system32\msscp.dll
2010-04-12 00:06 . 2010-04-12 00:06 63488 ----a-w- c:\windows\system32\drivers\mpsdrv.sys
2010-04-12 00:06 . 2010-04-12 00:06 396800 ----a-w- c:\windows\system32\MPSSVC.dll
2010-04-12 00:06 . 2010-04-12 00:06 392192 ----a-w- c:\windows\system32\FirewallAPI.dll
2010-04-12 00:06 . 2010-04-12 00:06 86016 ----a-w- c:\windows\system32\icfupgd.dll
2010-04-12 00:06 . 2010-04-12 00:06 61952 ----a-w- c:\windows\system32\cmifw.dll
2010-04-12 00:06 . 2010-04-12 00:06 23040 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-12 00:06 . 2010-04-12 00:06 16896 ----a-w- c:\windows\system32\wfapigp.dll
2010-04-12 00:06 . 2010-04-12 00:06 178688 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-12 00:06 . 2010-04-12 00:06 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS
2010-04-11 23:59 . 2010-04-11 23:59 2048 ----a-w- c:\windows\system32\tzres.dll
2010-04-11 23:57 . 2010-04-11 23:57 696832 ----a-w- c:\windows\system32\localspl.dll
2010-04-11 23:56 . 2010-04-11 23:56 104448 ----a-w- c:\windows\system32\DWWIN.EXE
2010-04-11 23:54 . 2010-04-11 23:54 72704 ----a-w- c:\windows\system32\admparse.dll
2010-04-11 23:54 . 2010-04-11 23:54 832512 ----a-w- c:\windows\system32\wininet.dll
2010-04-11 23:54 . 2010-04-11 23:54 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-04-11 23:54 . 2010-04-11 23:54 48128 ----a-w- c:\windows\system32\mshtmler.dll
2010-04-11 23:54 . 2010-04-11 23:54 26624 ----a-w- c:\windows\system32\ieUnatt.exe
1601-01-01 00:00 . 1601-01-01 00:00 0 --sha-w- c:\windows\System32\ss64\pagefile.sys
2009-11-04 18:14 . 2010-05-06 15:56 1168216 --sha-r- c:\windows\System32\ss64\Program Files\Spybot - Search & Destroy\advcheck.dll
1601-01-01 00:00 . 1601-01-01 00:00 0 --sha-w- c:\windows\System32\ss64\Windows\System32\ss64\pagefile.sys
2009-11-04 18:14 . 2010-05-06 15:56 1168216 --sha-r- c:\windows\System32\ss64\Windows\System32\ss64\Program Files\Spybot - Search & Destroy\advcheck.dll
1601-01-01 00:00 . 1601-01-01 00:00 0 --sha-w- c:\windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\pagefile.sys
2009-11-04 18:14 . 2010-05-06 15:56 1168216 --sha-r- c:\windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Program Files\Spybot - Search & Destroy\advcheck.dll
1601-01-01 00:00 . 1601-01-01 00:00 0 --sha-w- c:\windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\pagefile.sys
2009-11-04 18:14 . 2010-05-06 15:56 1168216 --sha-r- c:\windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Program Files\Spybot - Search & Destroy\advcheck.dll
1601-01-01 00:00 . 1601-01-01 00:00 0 --sha-w- c:\windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\pagefile.sys
2009-11-04 18:14 . 2010-05-06 15:56 1168216 --sha-r- c:\windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Program Files\Spybot - Search & Destroy\advcheck.dll
1601-01-01 00:00 . 1601-01-01 00:00 0 --sha-w- c:\windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\pagefile.sys
2009-11-04 18:14 . 2010-05-06 15:56 1168216 --sha-r- c:\windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Program Files\Spybot - Search & Destroy\advcheck.dll
1601-01-01 00:00 . 1601-01-01 00:00 0 --sha-w- c:\windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\pagefile.sys
2009-11-04 18:14 . 2010-05-06 15:56 1168216 --sha-r- c:\windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Program Files\Spybot - Search & Destroy\advcheck.dll
1601-01-01 00:00 . 1601-01-01 00:00 0 --sha-w- c:\windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\pagefile.sys
2009-11-04 18:14 . 2010-05-06 15:56 1168216 --sha-r- c:\windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Program Files\Spybot - Search & Destroy\advcheck.dll
1601-01-01 00:00 . 1601-01-01 00:00 0 --sha-w- c:\windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\pagefile.sys
2009-11-04 18:14 . 2010-05-06 15:56 1168216 --sha-r- c:\windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Program Files\Spybot - Search & Destroy\advcheck.dll
1601-01-01 00:00 . 1601-01-01 00:00 0 --sha-w- c:\windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
1601-01-01 00:00 . 1601-01-01 00:00 0 --sha-w- c:\windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
1601-01-01 00:00 . 1601-01-01 00:00 0 --sha-w- c:\windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\pagefile.sys
1601-01-01 00:00 . 1601-01-01 00:00 0 --sha-w- c:\windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\pagefile.sys
1601-01-01 00:00 . 1601-01-01 00:00 0 --sha-w- c:\windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Boot\bootstat.dat
1601-01-01 00:00 . 1601-01-01 00:00 0 --sha-w- c:\windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Users\jkr\NTUSER.DAT
1601-01-01 00:00 . 1601-01-01 00:00 0 --sha-w- c:\windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.0.6000.16386_none_ef216b8c52ca2227\WinMail.exe
2006-11-02 12:34 . 2006-11-02 12:34 397312 --sha-w- c:\windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.0.6000.16386_none_ef216b8c52ca2227\WinMail.exe
2006-11-02 12:34 . 2006-11-02 12:34 397312 --sha-w- c:\windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Windows\System32\ss64\Windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.0.6000.16386_none_ef216b8c52ca2227\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2006-11-13 118784]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-02-13 23:19 98304 ----a-w- c:\windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
backup=c:\windows\pss\Adobe Acrobat Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe]
2007-01-23 04:39 321656 ----a-w- c:\program files\Sony\ISB Utility\ISBMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
2006-11-02 09:45 222208 ----a-w- c:\windows\System32\msconfig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickBooks Simple Start]
2007-01-31 05:59 371712 ----a-w- c:\program files\Intuit\SimpleStartEntice\entice.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2010-05-01 01:25 1833504 ------w- c:\program files\Realtek\Audio\HDA\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-02-24 17:34 77824 ----a-w- c:\program files\Java\jre1.6.0\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOSecurity]
2006-11-28 22:30 2150400 ----a-w- c:\program files\Sony\VAIO Security Center\VSC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-02 12:34 1004136 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"IgfxTray"=c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
Contents of the 'Scheduled Tasks' folder

2007-02-24 c:\windows\Tasks\Vaio Service Utility.job
- c:\program files\Sony\Vaio Service Utility\VAIO-SU.exe [2007-02-16 12:34]
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\users\jkr\AppData\Roaming\Mozilla\Firefox\Profiles\6vbla4fk.default\
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-dmboot.sys
SafeBoot-dmio.sys
SafeBoot-dmload.sys
SafeBoot-dmadmin
SafeBoot-dmserver
SafeBoot-SRService
MSConfigStartUp-ioloDelayModule - c:\program files\iolo\System Mechanic 6\delay.exe
MSConfigStartUp-SMSystemAnalyzer - c:\program files\iolo\System Mechanic 6\SMSystemAnalyzer.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-06 16:47
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-06-06 17:00:40
ComboFix-quarantined-files.txt 2010-06-07 01:00
ComboFix2.txt 2010-06-06 03:44

Pre-Run: 90,159,685,632 bytes free
Post-Run: 90,113,581,056 bytes free

- - End Of File - - E09149A36175262B9763DA142E0CBA44
cant get hijack to run i will try to post if i get it any help would be great ty

Merging posts and moving to log forum. ~ OB

Edited by Orange Blossom, 06 June 2010 - 07:12 PM.


BC AdBot (Login to Remove)

 


#2 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:11:24 AM

Posted 09 June 2010 - 01:06 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE



Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#3 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:11:24 AM

Posted 13 June 2010 - 02:24 PM

Due to the lack of feedback, this topic is now closed.
If you need this topic reopened, please PM a staff member and we will reopen it for you (include the address of this thread in your request). This applies to the original topic starter only. Everyone else with similar problems, please start a new topic.
regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users