
Need Help on Analyzing ComboFix Log Report


  • This topic is locked
2 replies to this topic

#1 leone

  • Members
  • 1 posts

Posted 11 December 2010 - 03:22 PM

ComboFix 10-12-11.01 - Kaveh 12/11/2010 20:40:35.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.620 [GMT 1:00]
Running from: c:\documents and settings\Kaveh\My Documents\Downloads\ComboFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((( Files Created from 2010-11-11 to 2010-12-11 )))))))))))))))))))))))))))))))
.

2010-12-11 19:17 . 2010-12-11 19:17 -------- d-----w- c:\program files\Safer Networking
2010-12-11 17:43 . 2010-12-11 19:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-12-11 17:43 . 2010-12-11 17:50 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-12-11 16:42 . 2010-12-11 16:42 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2010-12-11 14:53 . 2010-12-11 14:53 -------- d-----w- c:\documents and settings\Kaveh\Local Settings\Application Data\Vuze_Remote
2010-12-08 22:55 . 2010-12-08 22:55 -------- d-----w- c:\program files\NCH Software
2010-12-08 22:55 . 2010-12-08 22:55 52824 ----a-w- c:\windows\system32\drivers\stdriver32.sys
2010-12-08 22:55 . 2010-12-08 22:55 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2010-12-08 22:54 . 2010-12-08 22:55 -------- d-----w- c:\program files\NCH Swift Sound
2010-12-08 22:54 . 2010-12-08 22:55 -------- d-----w- c:\documents and settings\Kaveh\Application Data\NCH Swift Sound
2010-12-08 22:48 . 2010-12-08 22:48 -------- d-----w- c:\documents and settings\Kaveh\Local Settings\Application Data\WMA-MP3.com
2010-12-08 22:48 . 2010-12-08 22:48 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2010-12-08 22:47 . 2010-12-08 22:47 -------- d-----w- c:\program files\WMA-MP3.com
2010-12-05 16:04 . 2010-12-06 17:42 -------- d-----w- c:\documents and settings\Kaveh\Calibre Library
2010-12-05 16:04 . 2010-12-05 23:52 -------- d-----w- c:\documents and settings\Kaveh\Application Data\calibre
2010-12-05 16:02 . 2010-12-05 16:03 -------- d-----w- c:\program files\Calibre2
2010-12-04 23:42 . 2010-12-04 23:42 -------- d-----w- c:\windows\system32\wbem\Repository
2010-12-04 23:41 . 2010-12-04 23:41 -------- d-----w- c:\program files\Norton Internet Security
2010-12-04 23:41 . 2010-12-04 23:41 -------- d-----w- c:\program files\Symantec
2010-12-04 23:40 . 2010-12-04 23:40 -------- d-----w- c:\program files\Common Files\Java
2010-12-04 22:14 . 2010-12-04 22:14 -------- d-----w- c:\program files\Lavasoft(2)
2010-12-04 22:09 . 2010-12-04 23:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-12-04 21:32 . 2010-12-04 23:41 -------- d-----w- c:\documents and settings\Kaveh\Application Data\AVG7
2010-12-04 21:32 . 2010-12-04 23:41 -------- d-----w- c:\program files\Grisoft(2)
2010-12-04 21:32 . 2010-12-04 23:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Grisoft(2)
2010-12-04 21:26 . 2009-08-03 17:27 625032 ----a-w- c:\windows\system32\SymNeti.dll
2010-11-28 19:23 . 2010-11-28 19:28 -------- d-----w- c:\documents and settings\Kaveh\Application Data\FXTS2
2010-11-28 19:22 . 2010-11-28 19:22 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{BA8E87A7-6DD8-4BBB-9151-5CE7F071478C}
2010-11-28 19:22 . 2010-11-28 19:22 -------- d-----w- c:\program files\Candleworks
2010-11-28 19:21 . 2010-11-28 19:21 -------- d-----w- c:\documents and settings\Kaveh\Local Settings\Application Data\PackageAware
2010-11-25 23:29 . 2010-11-25 23:29 -------- d-----w- c:\program files\Veoh Networks
2010-11-20 17:53 . 2010-11-20 17:53 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Vuze_Remote
2010-11-13 14:52 . 2010-11-26 19:01 -------- d-----w- c:\documents and settings\Kaveh\Application Data\DivX
2010-11-13 14:49 . 2010-11-13 14:53 -------- d-----w- c:\program files\DivX
2010-11-13 14:49 . 2010-11-13 14:53 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((( SnapShot@2010-12-11_17.28.25 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-12-11 19:31 . 2010-12-11 19:31 16384 c:\windows\Temp\Perflib_Perfdata_598.dat
+ 2010-12-11 19:30 . 2010-12-11 19:30 16384 c:\windows\Temp\Perflib_Perfdata_560.dat
+ 2009-07-28 03:14 . 2010-12-11 19:34 69230 c:\windows\system32\perfc009.dat
- 2009-07-28 03:14 . 2010-12-11 16:57 69230 c:\windows\system32\perfc009.dat
+ 2009-07-28 03:14 . 2010-12-11 19:34 437170 c:\windows\system32\perfh009.dat
- 2009-07-28 03:14 . 2010-12-11 16:57 437170 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-27 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acer VCM.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acer VCM.lnk
backup=c:\windows\pss\Acer VCM.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^OfficeSAS.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\OfficeSAS.lnk
backup=c:\windows\pss\OfficeSAS.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 02:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
2006-07-17 14:40 53248 ------w- c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]
2006-08-15 09:09 2663480 ----a-w- c:\program files\Babylon\Babylon-Pro\Babylon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
2007-01-10 10:29 115816 ----a-w- c:\program files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-16 20:04 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2009-07-28 04:23 24064 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-10-09 20:55 136176 ----atw- c:\documents and settings\Kaveh\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 22:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-02-28 01:00 166424 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2008-04-16 00:54 178712 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-02-28 01:00 141848 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2008-04-14 12:00 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-02-15 17:07 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-06-01 08:17 5252408 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
2008-04-14 12:00 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
2007-01-14 11:41 771704 ----a-w- c:\program files\Norton Internet Security\osCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-02-28 01:00 137752 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2008-04-14 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2008-04-14 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLFSetI]
2008-07-29 18:29 200704 ----a-w- c:\windows\PLFSetI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 22:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2009-08-24 08:01 18702336 ----a-w- c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-05-13 15:57 26192168 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-11-27 14:56 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2009-02-06 02:32 1430824 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tbhSystray]
2010-12-11 19:30 492840 ----a-w- c:\program files\tbh\base\bin\tbhSystray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-08-29 19:01 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
2010-07-06 14:01 2634048 ----a-w- c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Documents and Settings\\Kaveh\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Raptr\\raptr.exe"=
"c:\\Program Files\\Raptr\\raptr_im.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\tbh\\base\\bin\\tbhDaemon.exe"=
"c:\\Program Files\\tbh\\monitor\\bin\\tbhMonitor.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5191:TCP"= 5191:TCP:*:Disabled:The Browser Highlighter XCOM
"7159:TCP"= 7159:TCP:gvihcx

R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [7/28/2009 6:05 AM 237568]
R2 tbhMonitor.exe;The Browser Highlighter Monitor;c:\program files\tbh\monitor\bin\tbhMonitor.exe [10/22/2009 1:57 PM 70952]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [7/28/2009 4:14 AM 38912]
R3 M3000Srv;USB2.0 UVC WebCam Driver;c:\windows\system32\drivers\M3000KNT.sys [11/27/2009 3:51 PM 145152]
R3 stdriver;Sound Tap Upper Class Filter Driver v2.0.0.0;c:\windows\system32\drivers\stdriver32.sys [12/8/2010 11:55 PM 52824]
S2 djlccpnj;Server Shell;c:\windows\system32\svchost.exe -k netsvcs [7/28/2009 4:14 AM 14336]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [7/28/2009 5:22 AM 1684736]
S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [7/28/2009 5:23 AM 24064]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 8:37 PM 4640000]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [7/28/2009 5:17 AM 162816]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
djlccpnj
.
Contents of the 'Scheduled Tasks' folder

2010-12-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-12-08 c:\windows\Tasks\expressripSevenDays.job
- c:\program files\NCH Swift Sound\ExpressRip\expressrip.exe [2010-12-08 22:55]

2010-12-08 c:\windows\Tasks\expressripShakeIcon.job
- c:\program files\NCH Swift Sound\ExpressRip\expressrip.exe [2010-12-08 22:55]

2010-12-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3689853989-4289662072-757298511-1006Core.job
- c:\documents and settings\Kaveh\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-09 20:55]

2010-12-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3689853989-4289662072-757298511-1006UA.job
- c:\documents and settings\Kaveh\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-09 20:55]

2010-12-11 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3689853989-4289662072-757298511-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02]

2010-12-11 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3689853989-4289662072-757298511-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02]

2010-12-08 c:\windows\Tasks\soundtapSevenDays.job
- c:\program files\NCH Swift Sound\SoundTap\soundtap.exe [2010-12-08 22:55]

2010-12-08 c:\windows\Tasks\soundtapShakeIcon.job
- c:\program files\NCH Swift Sound\SoundTap\soundtap.exe [2010-12-08 22:55]

2010-12-08 c:\windows\Tasks\switchShakeIcon.job
- c:\program files\NCH Swift Sound\Switch\switch.exe [2010-12-08 22:54]

2010-12-11 c:\windows\Tasks\User_Feed_Synchronization-{FCB1B160-EF1C-4F10-A884-90966FB8B2B6}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]

2010-12-08 c:\windows\Tasks\wavepadSevenDays.job
- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2010-12-08 22:55]

2010-12-08 c:\windows\Tasks\wavepadShakeIcon.job
- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2010-12-08 22:55]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyServer = socks=127.0.0.1:4021
uInternet Settings,ProxyOverride = local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: unva.edu\cams
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\documents and settings\Kaveh\Application Data\Mozilla\Firefox\Profiles\tvxz92ai.default\
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 4021
FF - prefs.js: network.proxy.type - 1
FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\Kaveh\Application Data\Mozilla\Firefox\Profiles\tvxz92ai.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}\platform\WINNT_x86-msvc\components\pagespeed.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\Kaveh\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Kaveh\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\Kaveh\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\Kaveh\Local Settings\Application Data\Yahoo!\BrowserPlus\2.4.17\Plugins\npybrowserplus_2.4.17.dll
FF - plugin: c:\progra~1\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-11 20:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\djlccpnj]
"ServiceDll"="c:\windows\system32\mnqqdlhz.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(828)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-12-11 20:49:36
ComboFix-quarantined-files.txt 2010-12-11 19:49
ComboFix2.txt 2010-12-11 17:32

Pre-Run: 113,471,041,536 bytes free
Post-Run: 113,454,686,208 bytes free

- - End Of File - - DB995B89DCF4047A1F8778E6CA619611

#2 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 19 December 2010 - 07:36 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days, I will bump the topic, and if you do not reply by the following day after that, I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 24 December 2010 - 08:52 PM

This topic has been closed.

If you're the topic starter and need this topic reopened, please contact me via PM with the address of the thread.

Everyone else please begin a New Topic.
m0le is a proud member of UNITE
