
Combofix has done something to my net connection


6 replies to this topic

#1 EmeraldPale

Posted 15 July 2010 - 07:18 AM

First off I hope this is the right place to post this.
Basically, the long and the short of it is: I somehow got infected with a Trojan DNSChanger, and finally found a guide on here to removing it using ComboFix, which worked. But afterwards, despite rebooting, disabling, repairing, etc., my local area network connection would not work; it would be constantly "acquiring network address" or something for hours on end. At the end of my tether, I decided to run ComboFix again, and after doing that and disabling and then repairing, the net came back on! Brilliant!
I'm not the biggest computer person; I know a little bit and how to do some stuff, and I've googled this problem and seen others have had a similar one, but I'm not sure what I should do now, as I don't want to make things worse.
The only other thing I can think to mention is that when I started ComboFix, both times, a box popped up saying "pev.cfxxe" has had to be closed or something, with the normal send error report options. I really don't have a clue what that means, but it may be relevant!

Once again, sorry if this is in the wrong place. I'm all very confused by this and I don't want to mess up my PC any more than it already has been. Please help!

Thank you, Amy.

EDIT: Moved from Web Browsing to Am I Infected forum ~ Hamluis.

Edited by hamluis, 15 July 2010 - 01:53 PM.



#2 EmeraldPale (Topic Starter)

Posted 15 July 2010 - 08:07 PM

Sorry for posting it in the wrong place!

#3 boopme (Global Moderator)

Posted 15 July 2010 - 10:33 PM

Hello.
Try this: open Control Panel, Internet Options, Connections tab, LAN settings, and uncheck the box next to "Use a proxy server...".
OR
Go to Start > Run and type in cmd.
A DOS window will appear.
Type in the DOS window: netsh winsock reset
Press the Enter key.

Reboot your system to complete the process.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#4 EmeraldPale (Topic Starter)

Posted 16 July 2010 - 06:39 AM

That was already unchecked, and I tried the winsock reset thing, and once again I've had to run ComboFix just to get online. Thank you for taking the time out to help though, very much appreciated.

#5 boopme (Global Moderator)

Posted 16 July 2010 - 07:13 PM

OK, well, we are pushing our luck.
We need a deeper look. Please go here: Preparation Guide, and do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If GMER won't run, skip it and move on.
Post your ComboFix log.
Let me know if that went well.

#6 EmeraldPale (Topic Starter)

Posted 17 July 2010 - 11:05 AM

I tried the whole GMER thing, but so far it's crashed twice; the last time I did it, it had been going for 3 hours before crashing.

This is the last ComboFix log from when I just ran it so I could get online.


ComboFix 10-07-13.08 - amy 17/07/2010 16:50:19.8.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1015.517 [GMT 1:00]
Running from: c:\documents and settings\carol\Desktop\rename.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Files Created from 2010-06-17 to 2010-07-17 )))))))))))))))))))))))))))))))
.

2010-07-16 00:10 . 2010-07-16 21:40 -------- d-----w- c:\documents and settings\All Users\Application Data\xml_param
2010-07-15 23:59 . 2010-04-14 17:12 892928 ----a-w- c:\windows\system32\iconv.dll
2010-07-15 23:59 . 2010-07-16 00:08 -------- d-----w- c:\program files\iSkysoft
2010-07-15 23:56 . 2010-07-15 23:56 -------- d-----w- C:\Converted
2010-07-15 23:53 . 2010-07-15 23:55 -------- d-----w- C:\vid
2010-07-15 23:52 . 2010-07-15 23:52 -------- d-----w- C:\trans
2010-07-15 23:49 . 2010-07-15 23:59 -------- d-----w- c:\program files\AllToAVI
2010-07-15 16:04 . 2010-07-15 16:04 -------- d-----w- c:\documents and settings\carol\Application Data\Leawo
2010-07-15 15:35 . 2010-07-15 15:35 242896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-07-15 15:35 . 2010-07-15 15:35 216200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys
2010-07-15 15:35 . 2010-07-15 15:35 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-15 15:33 . 2010-07-15 15:33 813336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll
2010-07-15 15:33 . 2010-07-15 15:33 624920 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
2010-07-15 15:33 . 2010-07-15 15:33 1690464 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-07-15 15:33 . 2010-07-15 15:33 1038688 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2010-07-15 13:14 . 2010-07-16 11:02 -------- d-----w- c:\documents and settings\carol\Local Settings\Application Data\DVD Profiler
2010-07-15 01:02 . 2010-07-15 01:02 -------- d-----w- c:\documents and settings\carol\Application Data\mkvtoolnix
2010-07-15 00:05 . 2010-07-15 00:13 -------- d-----w- C:\rename
2010-07-14 23:52 . 2010-07-14 23:52 -------- d-----w- c:\documents and settings\am3
2010-07-14 23:06 . 2010-07-14 23:24 -------- d-----w- c:\documents and settings\Amy2
2010-07-14 14:57 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-14 14:57 . 2010-07-14 14:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-14 14:57 . 2010-07-14 14:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-14 14:57 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-14 14:35 . 2010-02-27 19:46 3691384 ----a-w- c:\documents and settings\carol\Application Data\Simply Super Software\Trojan Remover\hcp32.exe
2010-07-14 14:13 . 2010-07-14 14:13 -------- d-----w- c:\windows\EFE9ACA6605640CD83250E0BE2CB622B.TMP
2010-07-14 01:14 . 2010-07-14 01:14 -------- d-----w- c:\documents and settings\carol\Application Data\Media Player Classic
2010-07-13 23:59 . 2010-03-15 09:31 165376 ----a-w- c:\windows\system32\unrar.dll
2010-07-13 23:59 . 2010-06-08 16:10 790528 ----a-w- c:\windows\system32\xvidcore.dll
2010-07-13 23:59 . 2010-06-08 16:10 134144 ----a-w- c:\windows\system32\xvidvfw.dll
2010-07-13 23:59 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2010-07-13 23:59 . 2010-06-28 08:00 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2010-07-13 23:59 . 2010-07-14 00:00 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-07-13 23:52 . 2010-07-14 01:12 -------- d-----w- C:\DVDTemp
2010-07-13 23:47 . 2010-07-14 14:14 -------- d-----w- c:\program files\Free DVD Creator
2010-07-09 10:20 . 2010-07-16 10:46 -------- d-----w- c:\documents and settings\carol\Application Data\PriceGong
2010-07-08 15:09 . 2010-07-08 15:09 -------- d-----w- c:\documents and settings\All Users\{87F7773C-EC9C-461A-AA7B-4AF8EF54DF49}
2010-07-08 15:09 . 2010-07-08 15:09 -------- d-----w- C:\temp_dvd
2010-07-08 15:09 . 2010-07-08 15:09 -------- d-----w- C:\IDEALDVDCOPY_TEMP
2010-07-08 15:09 . 2010-07-14 14:37 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-08 15:08 . 2010-07-08 15:08 -------- d-----w- c:\documents and settings\carol\Application Data\Simply Super Software
2010-07-08 15:08 . 2010-07-08 15:08 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-07-08 11:42 . 2010-07-08 15:07 -------- d-----w- c:\program files\DVDFab 7
2010-07-02 23:57 . 2010-02-27 19:46 3691384 ----a-w- c:\documents and settings\carol\Application Data\Simply Super Software\Trojan Remover\oyl88.exe
2010-07-02 23:50 . 2010-02-27 19:46 3691384 ----a-w- c:\documents and settings\carol\Application Data\Simply Super Software\Trojan Remover\kbh54.exe
2010-07-02 23:49 . 2006-06-19 11:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-07-02 23:49 . 2006-05-25 13:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-07-02 23:49 . 2005-08-25 23:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-07-02 23:49 . 2003-02-02 18:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2010-07-02 23:49 . 2002-03-05 23:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-07-02 23:49 . 2010-07-08 15:08 -------- d-----w- c:\program files\Trojan Remover
2010-07-02 23:49 . 2010-07-02 23:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2010-07-02 21:00 . 2010-07-02 21:00 63488 ----a-w- c:\documents and settings\carol\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-07-02 21:00 . 2010-07-02 21:00 52224 ----a-w- c:\documents and settings\carol\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-07-02 21:00 . 2010-07-02 21:00 117760 ----a-w- c:\documents and settings\carol\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-07-02 21:00 . 2010-07-02 21:00 -------- d-----w- c:\documents and settings\carol\Application Data\SUPERAntiSpyware.com
2010-07-02 21:00 . 2010-07-14 14:33 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-07-02 19:41 . 2010-07-02 21:15 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-07-02 19:41 . 2010-07-02 19:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-07-02 19:41 . 2010-07-02 19:41 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-06-29 15:08 . 2010-07-14 17:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-29 15:08 . 2010-07-14 17:57 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-06-29 14:21 . 2010-06-29 14:21 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2010-06-29 14:20 . 2010-06-29 14:20 -------- d-----w- c:\program files\Common Files\iS3
2010-06-29 14:19 . 2010-06-29 15:03 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2010-06-28 21:03 . 2010-06-29 11:49 -------- d-----w- c:\program files\AutomationLabs
2010-06-22 12:54 . 2010-07-08 12:01 -------- d-----w- c:\documents and settings\All Users\Application Data\vsosdk
2010-06-21 13:16 . 2010-07-13 23:51 -------- d-----w- c:\documents and settings\carol\Application Data\Vso
2010-06-21 13:16 . 2010-06-21 13:16 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-06-21 13:16 . 2010-06-21 13:16 47360 ----a-w- c:\documents and settings\carol\Application Data\pcouffin.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-16 21:35 . 2010-02-24 13:22 -------- d-----w- c:\documents and settings\carol\Application Data\vlc
2010-07-16 21:31 . 2010-03-18 12:46 -------- d-----w- c:\documents and settings\carol\Application Data\dvdcss
2010-07-15 15:35 . 2010-03-28 13:37 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-15 15:33 . 2010-03-28 13:38 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-14 14:15 . 2010-04-23 14:08 -------- d-----w- c:\program files\QuickTime
2010-07-14 14:15 . 2010-06-03 16:30 -------- d-----w- c:\program files\WinAVI Video Converter
2010-07-14 14:13 . 2010-06-10 17:31 -------- d-----w- c:\program files\Philips
2010-07-14 14:11 . 2009-12-19 00:29 -------- d-----w- c:\program files\NCH Swift Sound
2010-07-14 14:08 . 2009-12-11 18:56 -------- d-----w- c:\program files\DVDVideoSoft
2010-07-14 13:29 . 2010-02-17 17:05 -------- d-----w- c:\documents and settings\carol\Application Data\BitTorrent
2010-07-14 10:38 . 2010-03-28 13:34 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-07-14 10:33 . 2008-07-04 13:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-07-11 12:08 . 2010-06-28 21:04 9680 ----a-w- c:\documents and settings\carol\Application Data\settings.dat
2010-07-08 15:08 . 2008-07-07 09:49 -------- d-----w- c:\program files\EndNote X1
2010-07-06 10:52 . 2008-07-04 13:39 -------- d-----w- c:\program files\courseGenie
2010-07-02 08:37 . 2010-06-13 23:20 -------- d-----w- c:\documents and settings\carol\Application Data\Facebook
2010-06-29 14:27 . 2010-06-29 14:26 456 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2010-06-29 11:52 . 2009-12-11 01:34 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-06-29 11:44 . 2009-12-19 00:30 -------- d-----w- c:\program files\NCH Software
2010-06-29 11:44 . 2009-12-19 00:47 -------- d-----w- c:\documents and settings\carol\Application Data\NCH Software
2010-06-29 11:40 . 2010-02-25 17:53 -------- d-----w- c:\program files\DivX
2010-06-29 11:40 . 2010-03-13 02:45 -------- d-----w- c:\program files\Plasma Pong
2010-06-25 19:47 . 2009-12-19 00:37 -------- d-----w- c:\documents and settings\carol\Application Data\NCH Swift Sound
2010-06-14 14:31 . 2008-07-04 12:16 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-13 23:20 . 2010-06-13 23:20 50354 ----a-w- c:\documents and settings\carol\Application Data\Facebook\uninstall.exe
2010-06-10 17:32 . 2010-06-10 17:32 -------- d-----w- c:\documents and settings\carol\Application Data\Philips-Songbird
2010-06-09 10:45 . 2010-06-09 10:45 5591040 ----a-w- c:\documents and settings\carol\Application Data\Facebook\npfbplugin_1_0_3.dll
2010-06-06 22:02 . 2010-06-03 16:24 -------- d-----w- c:\program files\DVDVideoSoftTB
2010-06-03 11:28 . 2010-03-28 13:38 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-28 22:33 . 2010-05-28 22:33 -------- d-----w- c:\documents and settings\carol\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
2010-05-28 22:32 . 2010-05-28 22:32 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-05-28 22:31 . 2010-05-28 22:33 38784 ----a-w- c:\documents and settings\carol\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-05-28 17:49 . 2010-05-28 17:49 503808 ----a-w- c:\documents and settings\carol\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-330dd0cf-n\msvcp71.dll
2010-05-28 17:49 . 2010-05-28 17:49 499712 ----a-w- c:\documents and settings\carol\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-330dd0cf-n\jmc.dll
2010-05-28 17:49 . 2010-05-28 17:49 348160 ----a-w- c:\documents and settings\carol\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-330dd0cf-n\msvcr71.dll
2010-05-28 17:49 . 2010-05-28 17:49 12800 ----a-w- c:\documents and settings\carol\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1a7ca515-n\decora-d3d.dll
2010-05-28 17:49 . 2010-05-28 17:49 61440 ----a-w- c:\documents and settings\carol\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1a7ca515-n\decora-sse.dll
2010-05-14 14:04 . 2010-05-14 14:04 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-05-06 16:28 . 2010-05-06 16:28 58724 ---ha-w- c:\windows\system32\mlfcache.dat
2010-05-06 10:41 . 2008-04-14 04:42 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-06 10:40 . 2009-12-09 18:27 73608 ----a-w- c:\documents and settings\carol\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-02 05:22 . 2008-04-14 00:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30 . 2008-04-14 04:39 285696 ----a-w- c:\windows\system32\atmfd.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-07-14_15.32.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-09-23 00:35 . 2005-09-23 00:35 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0ee63867\vcomp.dll
+ 2010-07-17 15:46 . 2010-07-17 15:46 16384 c:\windows\Temp\Perflib_Perfdata_7c0.dat
- 2004-08-04 12:00 . 2010-06-24 01:55 78900 c:\windows\system32\perfc009.dat
+ 2004-08-04 12:00 . 2010-07-14 20:53 78900 c:\windows\system32\perfc009.dat
+ 1998-08-08 22:07 . 1998-08-08 22:07 94208 c:\windows\system32\MSSTKPRP.DLL
+ 2006-03-18 13:16 . 2006-03-18 13:16 540178 c:\windows\system32\x264vfw.dll
+ 2009-12-11 01:26 . 2010-07-14 17:58 353740 c:\windows\system32\Restore\rstrlog.dat
- 2004-08-04 12:00 . 2010-06-24 01:55 464632 c:\windows\system32\perfh009.dat
+ 2004-08-04 12:00 . 2010-07-14 20:53 464632 c:\windows\system32\perfh009.dat
+ 2010-07-15 16:03 . 2010-07-15 16:03 121344 c:\windows\Installer\ffe645.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVD1.dll" [2010-06-29 2736736]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2010-06-29 14:47 2736736 ----a-w- c:\program files\DVDVideoSoftTB\tbDVD1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-02-23 13:04 1664256 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVD1.dll" [2010-06-29 2736736]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\tbDVD1.dll" [2010-06-29 2736736]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-06-29 2403568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-07-21 86016]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-15 2065760]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2010-02-27 1165192]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
user.bat [2008-7-8 1057]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-15 15:35 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [28/03/2010 14:38 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [28/03/2010 14:37 243024]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 19:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 19:41 67656]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [28/03/2010 14:36 308136]
S1 SABKUTIL;SABKUTIL;\??\c:\program files\SUPERAntiSpyware\SABKUTIL.sys --> c:\program files\SUPERAntiSpyware\SABKUTIL.sys [?]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [28/03/2010 14:38 369920]
.
Contents of the 'Scheduled Tasks' folder

2010-07-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2010-07-17 c:\windows\Tasks\User_Feed_Synchronization-{41054E86-1991-4AC4-AE1E-A8C5C6742F3D}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]

2010-07-17 c:\windows\Tasks\User_Feed_Synchronization-{4B81423D-B57A-4BA8-BC8A-E7FA79CE9048}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]

2010-07-17 c:\windows\Tasks\User_Feed_Synchronization-{7B9E7183-6C1C-4760-9B6A-19030A16C4CF}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]

2010-07-17 c:\windows\Tasks\User_Feed_Synchronization-{9091E4C1-1989-4A41-B08D-14359F11962B}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]

2010-07-17 c:\windows\Tasks\User_Feed_Synchronization-{90B91036-7199-42BA-8078-6987826589B0}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
uInternet Settings,ProxyOverride = *.local;<local>
uSearchURL,(Default) = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Trusted Zone: cnet.com\download
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20100225151801
DPF: {5e2a3510-4371-11d6-b64c-00c04faedb18}
DPF: {CAFECAFE-0013-0001-0022-ABCDEFABCDEF}
FF - ProfilePath - c:\documents and settings\carol\Application Data\Mozilla\Firefox\Profiles\84x5jczc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\documents and settings\carol\Application Data\Mozilla\Firefox\Profiles\84x5jczc.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\carol\Application Data\Mozilla\Firefox\Profiles\84x5jczc.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - plugin: c:\documents and settings\carol\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Real\RealPlayer Enterprise\Netscape6\nppl3260.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-17 16:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(744)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(2088)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-07-17 16:57:29
ComboFix-quarantined-files.txt 2010-07-17 15:57
ComboFix2.txt 2010-07-17 13:06
ComboFix3.txt 2010-07-17 01:19
ComboFix4.txt 2010-07-16 11:12
ComboFix5.txt 2010-07-17 15:49

Pre-Run: 25,388,408,832 bytes free
Post-Run: 25,373,614,080 bytes free

- - End Of File - - 83AE2DCC842ED8CB4B1DDFBF31353F8A
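
An added example, not part of this thread and not ComboFix's own code: a small Python triage of the log format above, written to check the same things boopme asked about by hand. It reads the `uInternet Settings,*` lines from the Supplementary Scan (the proxy setting that was the first suggestion), lists every new `.sys` file or anything new under `system32\drivers` from the Files Created and Find3M sections, flags Run-key values that are a bare file name rather than a drive-qualified path (Windows resolves those by PATH search at logon, so they are worth pinning to a file), and lists services whose image line ends in `[?]` instead of a date and size (a file ComboFix could not stat). The sample input is a constructed excerpt of the log posted in this thread; the regular expressions are my reading of the log layout, not a published ComboFix format specification.

```python
"""Triage a ComboFix log for the network-side leftovers a DNSChanger cleanup
tends to leave behind: proxy settings, driver files in odd places, and
autostart entries that do not resolve to a full path.

Illustration written for this thread; not part of ComboFix."""
import re
from dataclasses import dataclass, field

# Constructed sample: lines excerpted from the ComboFix log posted above,
# trimmed to the sections this triage reads.
SAMPLE_LOG = r"""
ComboFix 10-07-13.08 - amy 17/07/2010 16:50:19.8.2 - x86
.
((((((((((((((((((((((((( Files Created from 2010-06-17 to 2010-07-17 )))))))))))))))))))))))))))))))
.
2010-07-15 23:59 . 2010-04-14 17:12 892928 ----a-w- c:\windows\system32\iconv.dll
2010-07-14 14:57 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-14 14:57 . 2010-07-14 14:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-02 19:41 . 2010-07-02 21:15 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-06-21 13:16 . 2010-06-21 13:16 47360 ----a-w- c:\documents and settings\carol\Application Data\pcouffin.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-29 14:27 . 2010-06-29 14:26 456 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-07-21 86016]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-15 2065760]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [28/03/2010 14:37 243024]
S1 SABKUTIL;SABKUTIL;\??\c:\program files\SUPERAntiSpyware\SABKUTIL.sys --> c:\program files\SUPERAntiSpyware\SABKUTIL.sys [?]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local;<local>
"""

# One Files Created / Find3M entry: "created . modified size attrs path";
# directories carry "--------" as size and attrs beginning with "d".
FILE_RE = re.compile(
    r'^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. '
    r'(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) '
    r'(?P<size>\d+|-+) (?P<attrs>[-a-z]+) (?P<path>.+)$')
# One value under a loading-point key: "name"="image" [date size]
AUTORUN_RE = re.compile(
    r'^"(?P<name>[^"]+)"\s*=\s*"(?P<image>[^"]+)"\s*\[(?P<date>[\d-]+) (?P<size>\d+)\]')
# One service/driver line: start-type name;display;image [date time size] or [?]
SERVICE_RE = re.compile(
    r'^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.+?) \[(?P<info>[^\]]*)\]$')
# Internet Settings values; u = current-user hive, m = machine hive
PROXY_RE = re.compile(r'^(?P<hive>[um])Internet Settings,(?P<key>\w+) = (?P<value>.*)$')
DRIVE_PATH_RE = re.compile(r'^[a-z]:\\', re.I)


@dataclass
class Triage:
    proxy: dict = field(default_factory=dict)          # (hive, key) -> value
    driver_files: list = field(default_factory=list)   # new .sys files, or anything new in system32\drivers
    bare_autoruns: list = field(default_factory=list)  # (name, image) where image is not drive-qualified
    unverified_services: list = field(default_factory=list)  # service names whose image line carries [?]


def triage(log_text):
    """Walk the log line by line; the four record shapes are distinct enough
    that no section tracking is needed."""
    t = Triage()
    for raw in log_text.splitlines():
        line = raw.strip()
        m = FILE_RE.match(line)
        if m:
            path, low = m.group('path'), m.group('path').lower()
            is_dir = m.group('attrs').startswith('d')
            if not is_dir and (low.endswith('.sys') or '\\system32\\drivers\\' in low):
                t.driver_files.append(path)
            continue
        m = AUTORUN_RE.match(line)
        if m:
            if not DRIVE_PATH_RE.match(m.group('image')):
                t.bare_autoruns.append((m.group('name'), m.group('image')))
            continue
        m = SERVICE_RE.match(line)
        if m:
            if m.group('info') == '?':
                t.unverified_services.append(m.group('name'))
            continue
        m = PROXY_RE.match(line)
        if m:
            t.proxy[(m.group('hive'), m.group('key'))] = m.group('value')
    return t


def proxy_configured(t):
    """True when a proxy server or PAC URL is set in either hive. The key
    names are the Internet Settings registry values ComboFix prints."""
    return any(key in ('ProxyServer', 'AutoConfigURL') for _, key in t.proxy)


def report(t):
    lines = ['proxy configured: %s' % ('yes' if proxy_configured(t) else 'no')]
    lines += ['  %sInternet Settings,%s = %s' % (h, k, v) for (h, k), v in sorted(t.proxy.items())]
    lines.append('driver-like files created in the window: %d' % len(t.driver_files))
    lines += ['  ' + p for p in t.driver_files]
    lines.append('autorun entries without a full path (resolved by PATH search at logon): %d' % len(t.bare_autoruns))
    lines += ['  %s -> %s' % entry for entry in t.bare_autoruns]
    lines.append('services/drivers whose image ComboFix could not stat: %d' % len(t.unverified_services))
    lines += ['  ' + n for n in t.unverified_services]
    return lines


if __name__ == '__main__':
    print('\n'.join(report(triage(SAMPLE_LOG))))
```

On the excerpt above the proxy check comes back "no" (only `ProxyOverride` is set, which matches Amy's report that the box was already unchecked), the `.sys` file sitting in a user's Application Data folder and the `.cfg` in `system32\drivers` are listed for a closer look, `SoundMan` is flagged because its Run value is a bare file name, and `SABKUTIL` is listed because its driver file could not be found. None of that is a verdict; it is the shortlist a helper would want before asking for a DDS log.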

#7 boopme (Global Moderator)

Posted 17 July 2010 - 01:12 PM

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
Skip GMER.
Include the ComboFix log you posted earlier.

Let me know if that went well.