Google hates me too


This topic is locked
2 replies to this topic

#1 krisfris

krisfris

  • Members
  • 1 posts

Posted 16 May 2011 - 03:08 PM

oy...

So - somewhere, somehow I read that based on the issue I was having with my computer I should run Combofix. Which I did and it "temporarily" worked. I downloaded this AFTER I had brought it to a professional dealer, only to be told he couldn't find anything wrong with my computer. The virus, trojan...whatever it is...keeps re-appearing. Here is the log that was created. I feel like I'm airing out my dirty laundry by posting this...but, here goes....

Any help from a REAL computer-savvy individual would be greatly appreciated. Thanx in advance.

ComboFix 11-05-15.04 - Kristin 05/16/2011 9:19.7.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.439 [GMT -4:00]
Running from: c:\documents and settings\Kristin\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {11638345-E4FC-4BEE-BB73-EC754659C5F6}
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Avira FireWall *Enabled* {11638345-E4FC-4BEE-BB73-EC754659C5F6}
.
.
((((((((((((((((((((((((( Files Created from 2011-04-16 to 2011-05-16 )))))))))))))))))))))))))))))))
.
.
2011-05-16 07:01 . 2011-05-16 07:01 -------- d-----w- c:\windows\LastGood
2011-05-14 10:55 . 2011-05-14 10:55 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-12 15:22 . 2011-05-12 15:25 -------- d-----w- C:\32788R22FWJFW.1.tmp
2011-05-07 23:27 . 2011-05-07 23:28 -------- dc-h--w- c:\windows\ie8
2011-05-07 13:56 . 2011-05-07 13:56 -------- d-----w- c:\windows\system32\wbem\Repository
2011-05-04 17:46 . 2011-05-04 17:46 -------- d-----w- c:\documents and settings\Charles.VILLAGEMARKET\Application Data\Malwarebytes
2011-05-04 16:37 . 2011-05-04 16:37 -------- d-----w- c:\documents and settings\Kristin\DoctorWeb
2011-05-04 14:40 . 2011-05-04 14:40 -------- d-----w- c:\documents and settings\Kristin\Application Data\Malwarebytes
2011-05-04 14:40 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-04 14:40 . 2011-05-04 14:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-05-04 14:40 . 2011-05-04 14:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-04 14:40 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-04 14:38 . 2009-10-27 14:25 448 ----a-w- C:\delpm.bat
2011-05-04 14:38 . 2009-09-30 14:49 729 ----a-w- C:\user.bat
2011-05-04 14:38 . 2009-08-27 14:39 454 ----a-w- C:\autoplay_fix.bat
2011-05-04 14:28 . 2011-05-04 14:28 -------- d-----w- C:\temppm
2011-05-04 14:20 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-05-04 14:20 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll
2011-05-03 00:33 . 2011-05-03 00:34 48627714 ----a-w- C:\back up registry files may 2 2011.reg
2011-05-02 16:35 . 2011-05-02 16:33 79432 ----a-w- c:\windows\system32\drivers\avfwim.sys
2011-05-02 16:35 . 2011-05-02 16:33 102856 ----a-w- c:\windows\system32\drivers\avfwot.sys
2011-05-01 14:53 . 2011-05-01 14:53 -------- d-----w- c:\documents and settings\Charles.VILLAGEMARKET\Application Data\Avira
2011-04-30 09:27 . 2011-04-30 09:27 -------- d-----w- c:\program files\Bonjour
2011-04-30 09:27 . 2011-04-30 09:27 -------- d-----w- c:\program files\iTunes
2011-04-30 09:27 . 2011-04-30 09:27 -------- d-----w- c:\program files\iPod
2011-04-22 23:34 . 2011-04-22 23:34 -------- d-----w- c:\documents and settings\Kristin\Application Data\Unity
2011-04-22 22:22 . 2011-05-03 11:37 -------- d-----w- c:\documents and settings\Kristin\Local Settings\Application Data\Unity
2011-04-17 23:47 . 2011-04-18 00:03 -------- d-s---w- c:\documents and settings\Administrator
2011-04-17 22:19 . 2011-04-17 22:19 -------- d-sh--w- c:\documents and settings\Charles.VILLAGEMARKET\IECompatCache
2011-04-17 21:55 . 2011-04-17 21:55 -------- d-----w- c:\documents and settings\Charles.VILLAGEMARKET\Local Settings\Application Data\Conduit
2011-04-17 21:54 . 2011-05-01 14:06 -------- d-----w- c:\documents and settings\Charles.VILLAGEMARKET\Local Settings\Application Data\MakeMeBabies_4
2011-04-17 17:51 . 2011-04-18 00:03 -------- d-----w- c:\documents and settings\All Users\Application Data\iNi06504eKbNg06504
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-22 18:49 . 2011-03-10 15:52 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-03-17 13:08 . 2010-05-12 23:06 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-03-07 05:33 . 2004-08-10 17:02 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2004-08-10 16:51 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2004-08-10 16:51 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06 . 2004-08-10 16:51 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06 . 2004-08-10 16:51 43520 ------w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06 . 2004-08-10 16:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2004-08-10 16:51 385024 ------w- c:\windows\system32\html.iec
2011-02-17 13:18 . 2004-08-10 16:51 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2004-08-10 16:51 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2009-04-15 11:57 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-11-07 19:51 . 2010-11-07 19:51 105378136 ----a-w- c:\program files\blackberry open files.exe
2010-11-07 19:19 . 2010-11-07 19:19 9688392 ----a-w- c:\program files\winzip140.exe
2010-10-22 17:34 . 2010-10-22 17:34 13063352 ----a-w- c:\program files\ms virus spyware malware scan.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-05-12_14.50.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-05-15 21:35 . 2011-05-15 21:35 16384 c:\windows\Temp\Perflib_Perfdata_6f0.dat
+ 2011-05-14 10:55 . 2011-05-14 10:55 240288 c:\windows\system32\Macromed\Flash\FlashUtil10q_ActiveX.exe
+ 2011-05-14 10:55 . 2011-05-14 10:55 321184 c:\windows\system32\Macromed\Flash\FlashUtil10q_ActiveX.dll
+ 2011-05-12 19:51 . 2011-05-12 19:51 223232 c:\windows\Installer\45f9ff.msi
+ 2011-05-12 19:49 . 2011-05-12 19:49 459264 c:\windows\Installer\45f9f9.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2008-10-24 206112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-16 7323648]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-24 282624]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2008-10-24 206112]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-05-02 281768]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-01-22 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\Kristin\Start Menu\Programs\Startup\
hpqtra08.exe [2004-11-4 258048]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WN111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WN111v2\WN111V2.exe [2008-12-2 1503306]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=c:\windows\pss\Service Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Kristin^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=c:\documents and settings\Kristin\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=c:\windows\pss\HotSync Manager.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-22 05:05 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
2010-03-11 02:32 648536 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
2006-02-09 22:34 106496 -c--a-w- c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2006-07-17 01:29 389120 ----a-w- c:\program files\Dell Support\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-10-05 07:12 94208 -c--a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2006-10-21 18:45 169984 -c--a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-05-13 18:29 136176 ----atw- c:\documents and settings\Kristin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2004-09-13 20:49 49152 -c--a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-12-13 22:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2005-09-08 23:20 110592 -c--a-w- c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2006-10-21 18:40 26112 -c--a-w- c:\program files\Real\RealPlayer\realplay.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Upromise Tray]
2009-08-16 15:35 167936 ----a-w- c:\program files\Upromise\UpromiseTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Upromise Update]
2009-07-01 17:19 81920 ----a-w- c:\program files\Upromise\dca-ua.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"YahooAUService"=2 (0x2)
"wlidsvc"=2 (0x2)
"SQLAgent$MICROSOFTSMLBIZ"=3 (0x3)
"SeaPort"=2 (0x2)
"MSSQLServerADHelper"=3 (0x3)
"MSSQL$MICROSOFTSMLBIZ"=2 (0x2)
"MsMpSvc"=2 (0x2)
"MDM"=2 (0x2)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"GoToMyPC"=2 (0x2)
"KodakCCS"=3 (0x3)
"Bonjour Service"=2 (0x2)
"BBSvc"=3 (0x3)
"AntiVirWebService"=2 (0x2)
"AntiVirService"=2 (0x2)
"AntiVirSchedulerService"=2 (0x2)
"AntiVirMailService"=2 (0x2)
"AntiVirFirewallService"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R1 avfwot;avfwot;c:\windows\system32\drivers\avfwot.sys [5/2/2011 12:35 PM 102856]
R2 AntiVirFirewallService;Avira FireWall;c:\program files\Avira\AntiVir Desktop\avfwsvc.exe [5/2/2011 12:35 PM 539304]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [5/2/2011 12:35 PM 339624]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/12/2010 7:06 PM 136360]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [5/2/2011 12:35 PM 421032]
R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\drivers\avfwim.sys [5/2/2011 12:35 PM 79432]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [7/24/2003 12:10 PM 17149]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [10/1/2008 4:45 PM 57440]
R3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2.sys [9/30/2008 3:24 AM 453120]
S2 713xTVCard;SAA7130 TV Card;c:\windows\system32\drivers\SAA713x.sys [3/15/2005 1:00 PM 277504]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\NETGEAR\WN111v2\jswpsapi.exe [2/27/2008 11:54 AM 360547]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5/4/2011 10:40 AM 20952]
S4 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2/28/2011 7:44 PM 183560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]
.
2011-05-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3362640487-2554030734-1200047213-1007Core.job
- c:\documents and settings\Kristin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-13 18:29]
.
2011-05-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3362640487-2554030734-1200047213-1007UA.job
- c:\documents and settings\Kristin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-13 18:29]
.
2011-05-16 c:\windows\Tasks\User_Feed_Synchronization-{9D8E2262-BF11-4E39-A688-2DA52470C1C0}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
2011-05-16 c:\windows\Tasks\User_Feed_Synchronization-{DEBAEDC7-74C5-4800-A2DD-DA9D5F6F2EAB}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
2011-05-16 c:\windows\Tasks\User_Feed_Synchronization-{F1F80CDA-839B-4DD4-8698-0F4C13BA0B09}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.yahoo.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
DPF: {3C648A72-C49A-48EF-9F90-68EF13293F97} - hxxp://www.midhudsonmls.com/XMLSearch/XMLCache.CAB
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-16 09:29
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3362640487-2554030734-1200047213-1007\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(256)
c:\program files\Avira\AntiVir Desktop\avsda.dll
.
- - - - - - - > 'explorer.exe'(1112)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-05-16 09:53:26
ComboFix-quarantined-files.txt 2011-05-16 13:53
ComboFix2.txt 2011-05-14 14:30
ComboFix3.txt 2011-05-12 15:48
ComboFix4.txt 2011-05-10 12:25
.
Pre-Run: 119,858,540,544 bytes free
Post-Run: 119,838,138,368 bytes free
.
- - End Of File - - 8967C8992BBD615BC5ED4D94D5CB650B



#2 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts

Posted 27 May 2011 - 10:26 AM

Hello krisfris and welcome to BC. :)

Sorry about the delay, do you still need help?

~Semp

You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support; post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#3 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts

Posted 01 June 2011 - 07:46 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

~Semp

You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support; post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 