

Combo Fix Log


This topic is locked. 2 replies to this topic

#1 siobhanoid (Members, 1 posts)

Posted 24 May 2011 - 11:49 AM

Hello,

I got a backdoor trojan and it caused a number of problems, including redirecting Google. I tried about five different pieces of removal software, including StopZilla, Malwarebytes and Dr.Web, among others. None of them worked, and the virus seemed to be spreading every time I restarted my computer. A friend of mine recommended ComboFix, which I used; I realise now I should probably have gotten advice here first, but it is done now. It does not seem to have harmed my computer, but I am unsure yet whether it has fixed anything. I have a Samsung netbook with Windows XP. If someone could have a look at my log and give me any advice, that would be brilliant.


Thanks

Siobhan


ComboFix 11-05-23.02 - Siobhan Callus 24/05/2011 16:46:20.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.622 [GMT 1:00]
Running from: c:\documents and settings\Siobhan Callus\My Documents\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\LocalService\Application Data\PriceGong\Data\1.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\a.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\b.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\c.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\d.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\e.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\f.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\g.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\h.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\i.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\J.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\k.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\l.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\m.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\n.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\o.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\p.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\q.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\r.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\s.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\t.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\u.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\v.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\w.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\x.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\y.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\z.xml
c:\documents and settings\NetworkService\Application Data\PriceGong\Data\1.xml
c:\documents and settings\NetworkService\Application Data\PriceGong\Data\a.xml
c:\documents and settings\NetworkService\Application Data\PriceGong\Data\b.xml
c:\documents and settings\NetworkService\Application Data\PriceGong\Data\c.xml
c:\documents and settings\NetworkService\Application Data\PriceGong\Data\d.xml
c:\documents and settings\NetworkService\Application Data\PriceGong\Data\e.xml
c:\documents and settings\NetworkService\Application Data\PriceGong\Data\f.xml
c:\documents and settings\NetworkService\Application Data\PriceGong\Data\g.xml
c:\documents and settings\NetworkService\Application Data\PriceGong\Data\h.xml
c:\documents and settings\NetworkService\Application Data\PriceGong\Data\i.xml
c:\documents and settings\NetworkService\Application Data\PriceGong\Data\J.xml
c:\documents and settings\NetworkService\Application Data\PriceGong\Data\k.xml
c:\documents and settings\NetworkService\Application Data\PriceGong\Data\l.xml
c:\documents and settings\NetworkService\Application Data\PriceGong\Data\m.xml
c:\documents and settings\NetworkService\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\NetworkService\Application Data\PriceGong\Data\n.xml
c:\documents and settings\NetworkService\Application Data\PriceGong\Data\o.xml
c:\documents and settings\NetworkService\Application Data\PriceGong\Data\p.xml
c:\documents and settings\NetworkService\Application Data\PriceGong\Data\q.xml
c:\documents and settings\NetworkService\Application Data\PriceGong\Data\r.xml
c:\documents and settings\NetworkService\Application Data\PriceGong\Data\s.xml
c:\documents and settings\NetworkService\Application Data\PriceGong\Data\t.xml
c:\documents and settings\NetworkService\Application Data\PriceGong\Data\u.xml
c:\documents and settings\NetworkService\Application Data\PriceGong\Data\v.xml
c:\documents and settings\NetworkService\Application Data\PriceGong\Data\w.xml
c:\documents and settings\NetworkService\Application Data\PriceGong\Data\x.xml
c:\documents and settings\NetworkService\Application Data\PriceGong\Data\y.xml
c:\documents and settings\NetworkService\Application Data\PriceGong\Data\z.xml
c:\documents and settings\NetworkService\Local Settings\Application Data\loyerty.dll
c:\documents and settings\NetworkService\Local Settings\Application Data\mekomdo.dll
c:\documents and settings\Siobhan Callus\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Siobhan Callus\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Siobhan Callus\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Siobhan Callus\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Siobhan Callus\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Siobhan Callus\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Siobhan Callus\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Siobhan Callus\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Siobhan Callus\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Siobhan Callus\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Siobhan Callus\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Siobhan Callus\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Siobhan Callus\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Siobhan Callus\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Siobhan Callus\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Siobhan Callus\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Siobhan Callus\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Siobhan Callus\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Siobhan Callus\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Siobhan Callus\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Siobhan Callus\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Siobhan Callus\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Siobhan Callus\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Siobhan Callus\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Siobhan Callus\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Siobhan Callus\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Siobhan Callus\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Siobhan Callus\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Siobhan Callus\Application Data\Upfeo\uxev.exe
c:\windows\system32\1235420407.dat
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\1.xml
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\a.xml
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\b.xml
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\c.xml
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\d.xml
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\e.xml
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\f.xml
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\g.xml
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\h.xml
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\i.xml
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\J.xml
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\k.xml
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\l.xml
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\m.xml
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\n.xml
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\o.xml
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\p.xml
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\q.xml
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\r.xml
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\s.xml
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\t.xml
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\u.xml
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\v.xml
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\w.xml
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\x.xml
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\y.xml
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\z.xml
D:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-04-24 to 2011-05-24 )))))))))))))))))))))))))))))))
.
.
2011-05-10 13:00 . 2011-05-24 16:11 -------- d-----w- c:\program files\pyntkkub
2011-04-30 12:06 . 2011-04-30 12:06 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2011-04-30 12:05 . 2011-04-30 12:12 -------- d-----w- c:\documents and settings\LocalService\Application Data\PriceGong
2011-04-30 12:05 . 2011-04-30 12:05 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Conduit
2011-04-30 12:02 . 2011-04-30 12:02 -------- d-sh--w- c:\documents and settings\LocalService\IECompatCache
2011-04-28 23:17 . 2011-05-03 07:36 -------- d-----w- c:\documents and settings\NetworkService\Application Data\PriceGong
2011-04-26 19:55 . 2011-04-26 19:55 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2011-04-26 19:54 . 2011-04-26 19:54 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Conduit
2011-04-26 19:53 . 2011-04-26 19:53 -------- d-sh--w- c:\documents and settings\NetworkService\IECompatCache
2011-04-26 19:52 . 2011-05-03 07:12 -------- d-----w- c:\documents and settings\NetworkService\Application Data\HPAppData
2011-04-26 19:52 . 2011-04-28 23:23 -------- d-----w- c:\documents and settings\NetworkService\Application Data\searchqutoolbar
2011-04-26 19:52 . 2011-04-26 19:52 -------- d-----w- c:\documents and settings\NetworkService\Application Data\searchquband
2011-04-25 02:29 . 2011-04-25 02:29 -------- d-----w- c:\documents and settings\Siobhan Callus\Local Settings\Application Data\Greyfirst
2011-04-25 02:29 . 2011-04-25 02:29 -------- d-----w- c:\documents and settings\Siobhan Callus\Application Data\Greyfirst
2011-04-25 02:21 . 2011-05-19 16:44 -------- d-----w- c:\program files\Celtx
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-01 20:46 . 2011-04-22 12:49 142296 ------w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 12:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngin0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-09 12:51 3911776 ------w- c:\program files\uTorrentBar\tbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngin0.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-03-31 399736]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-30 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-05-21 17881600]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-18 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-18 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-18 137752]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-28 1044480]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"BatteryManager"="c:\program files\Samsung\Samsung Battery Manager\BatteryManager.exe" [2009-06-02 3153408]
"SUPBackground"="c:\program files\Samsung\Samsung Update Plus\SUPBackground.exe" [2009-05-21 298664]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe" [2010-10-09 232912]
.
c:\documents and settings\Siobhan Callus\Start Menu\Programs\Startup\
BBC iPlayer Desktop.lnk - c:\program files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe [N/A]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,,c:\program files\pyntkkub\xffguner.exe"
.
SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\OnlyWire\\OnlyWireWindows.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
.
R1 ethaqptw;ethaqptw;c:\windows\system32\drivers\ethaqptw.sys [2011-04-19 135680]
R2 DnscacheProtectedStorage;DNS Client DnscacheProtectedStorage;c:\windows\system32\1037b.exe [2008-04-14 51200]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-03 135664]
R3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2008-08-06 1684736]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-03 135664]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2009-04-27 9728]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 SUEPD;SUE NDIS Protocol Driver;c:\windows\system32\DRIVERS\SUE_PD.sys [2006-08-01 19840]
R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [2009-07-21 114688]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [2005-10-27 4300]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2010-04-24 483688]
S3 RTL819xp;Realtek RTL8190\RTL8192E 802.11n Wireless LAN (Mini-)PCI NIC NT Driver;c:\windows\system32\DRIVERS\rtl819xp.sys [2009-05-08 517504]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfsxp.sys [2010-04-24 554344]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplayxp.sys [2010-04-24 211432]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirxp.sys [2010-04-24 20584]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvolxp.sys [2010-04-24 18280]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-24 209768]
S3 VMC33F;Vimicro Camera Service VMC33F;c:\windows\system32\Drivers\VMC33F.sys [2009-07-01 237952]
S4 Micorsoft Windows Service;Micorsoft Windows Service;c:\docume~1\SIOBHA~1\LOCALS~1\Temp\ftgnxkwe.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 11:50]
.
2011-05-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-03 21:51]
.
2011-05-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-03 21:51]
.
2011-05-24 c:\windows\Tasks\User_Feed_Synchronization-{7CFFFFC7-254B-4839-9864-6EFA0EA87C7D}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1700389
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Siobhan Callus\Application Data\Mozilla\Firefox\Profiles\pdm45pcn.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-{866A04D9-2D71-DE0D-477E-30563849B573} - c:\documents and settings\Siobhan Callus\Application Data\Upfeo\uxev.exe
HKLM-Run-DMHotKey - c:\program files\Samsung\Easy Display Manager\DMLoader.exe
HKLM-Run-MagicKeyboard - c:\program files\SAMSUNG\MagicKBD\PreMKBD.exe
HKLM-Run-QuickTime Task - c:\program files\QuickTime\qttask.exe
Notify-TPSvc - TPSvc.dll
AddRemove-uTorrentBar Toolbar - c:\progra~1\UTORRE~1\UNWISE.EXE
AddRemove-Windows Media Format Runtime - c:\program files\Windows Media Player\wmsetsdk.exe
AddRemove-Windows Media Player - c:\program files\Windows Media Player\Setup_wm.exe
AddRemove-WinRAR archiver - c:\program files\WinRAR\uninstall.exe
AddRemove-{145DE957-0679-4A2A-BB5C-1D3E9808FAB2} - c:\program files\InstallShield Installation Information\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}\setup.exe
AddRemove-{17283B95-21A8-4996-97DA-547A48DB266F} - c:\program files\InstallShield Installation Information\{17283B95-21A8-4996-97DA-547A48DB266F}\setup.exe
AddRemove-{1AFA1FEF-8CF9-4A51-AC46-64FAA7F3D9E2} - c:\program files\InstallShield Installation Information\{1AFA1FEF-8CF9-4A51-AC46-64FAA7F3D9E2}\setup.exe
AddRemove-{6A1F72DD-2465-43A2-A137-8A849399B7A8} - c:\program files\InstallShield Installation Information\{6A1F72DD-2465-43A2-A137-8A849399B7A8}\Install.exe
AddRemove-{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5} - c:\program files\InstallShield Installation Information\{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}\Setup.exe
AddRemove-{F4F41D14-E0DD-4FB4-AA09-A14225C769BD} - c:\program files\InstallShield Installation Information\{F4F41D14-E0DD-4FB4-AA09-A14225C769BD}\setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-24 17:11
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwQueryDirectoryFile
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: SAMSUNG_HM160HI rev.HH100-06 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x872F233B
user & kernel MBR OK
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(836)
c:\windows\system32\WININET.dll
.
- - - - - - - > 'lsass.exe'(896)
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(3128)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\rundll32.exe
c:\windows\RTHDCPL.EXE
c:\progra~1\WI084F~1\Datamngr\DATAMN~1.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\program files\Internet Explorer\iexplore.exe
c:\windows\system32\msiexec.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
c:\progra~1\samsung\SAB60E~1\SUPNOT~1.EXE
.
**************************************************************************
.
Completion time: 2011-05-24 17:22:38 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-24 16:22
.
Pre-Run: 40,016,101,376 bytes free
Post-Run: 55,846,031,360 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 5C65CE816088B977DB1D8A5F4C13457D
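The entries a helper reads first in a log like this are scattered across several sections: the Winlogon Userinit value that launches a second executable (c:\program files\pyntkkub\xffguner.exe) at every logon, the deleted SafeBoot key, the Security Center overrides and disabled firewall, the services whose images are a bare c:\windows\system32\1037b.exe or a .sys in the user's Temp folder, the in-memory patch of ZwQueryDirectoryFile in ntdll, and the atapi DriverStartIo hook. The script below is an added example written for this page; it is not ComboFix code and not something from the BleepingComputer thread. Its sample input is a handful of lines excerpted from the log above, and its rules (the list of impersonated display names, the Temp-folder and missing-file checks, the anagram test for a misspelled "Microsoft") are this editor's heuristics, not a published signature set. It flags entries for manual review; it does not identify the malware family.

```python
"""Triage a ComboFix log for persistence and tampering indicators.

Added example for this thread; not ComboFix's or BleepingComputer's code.
The rules below are this editor's heuristics (assumptions), chosen to surface
the entries a helper reads first in the log posted above.
"""
import re

# Constructed sample: lines excerpted verbatim from the log posted above.
SAMPLE_LOG = r"""[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,,c:\program files\pyntkkub\xffguner.exe"
.
SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
R1 ethaqptw;ethaqptw;c:\windows\system32\drivers\ethaqptw.sys [2011-04-19 135680]
R2 DnscacheProtectedStorage;DNS Client DnscacheProtectedStorage;c:\windows\system32\1037b.exe [2008-04-14 51200]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-03 135664]
S4 Micorsoft Windows Service;Micorsoft Windows Service;c:\docume~1\SIOBHA~1\LOCALS~1\Temp\ftgnxkwe.sys [x]
.
detected NTDLL code modification:
ZwQueryDirectoryFile
.
\Driver\atapi DriverStartIo -> 0x872F233B
"""

USERINIT_RE = re.compile(r'^"Userinit"="(.*)"$')
# ComboFix service line: '<start type> <name>;<display name>;<image path> [<date size> | x]'
SERVICE_RE = re.compile(r'^([RS][0-4])\s+([^;]+);([^;]*);(.+?)\s+\[([^\]]*)\]$')
# Hook line from the rootkit detectors, e.g. '\Driver\atapi DriverStartIo -> 0x872F233B'
HOOK_RE = re.compile(r'^\\Driver\\\S+\s+\S+\s+->\s+0x[0-9A-Fa-f]+$')

# Display names Windows itself only hosts inside svchost.exe (assumption for this
# example: a service borrowing such a name for a stand-alone binary is suspect).
IMPERSONATED = ("dns client", "windows service")


def check_service(start_type, name, display, image, stamp):
    """Apply the per-service heuristics; returns a list of (severity, message)."""
    out = []
    low = image.lower()
    if stamp == "x":                       # ComboFix prints [x] when the file is gone
        out.append(("MEDIUM", f"service {name!r}: image file missing on disk ({image})"))
    if "\\temp\\" in low:
        out.append(("HIGH", f"service {name!r}: image runs from a Temp directory ({image})"))
    if any(tag in display.lower() for tag in IMPERSONATED) and not low.endswith("svchost.exe"):
        out.append(("HIGH", f"service {name!r}: claims to be a Windows component but image is {image}"))
    for word in display.split():           # catch transposed-letter spoofs like 'Micorsoft'
        w = word.lower()
        if w != "microsoft" and sorted(w) == sorted("microsoft"):
            out.append(("HIGH", f"service {name!r}: display name misspells Microsoft ({word!r})"))
    return out


def triage(log_text):
    """Scan a ComboFix log; return [(severity, message), ...] in log order."""
    findings = []
    in_ntdll_block = False
    for raw in log_text.splitlines():
        ln = raw.rstrip()
        if in_ntdll_block:                 # patched function names follow the header until a '.' line
            if ln.strip() in ("", "."):
                in_ntdll_block = False
            else:
                findings.append(("HIGH", f"ntdll hook: {ln.strip()} is patched in memory (user-mode rootkit)"))
            continue
        m = USERINIT_RE.match(ln)
        if m:
            # The only legitimate entry is <windir>\system32\userinit.exe; anything else runs at every logon.
            for exe in filter(None, (p.strip() for p in m.group(1).split(","))):
                if not exe.lower().endswith("\\system32\\userinit.exe"):
                    findings.append(("HIGH", f"Userinit hijack: extra logon executable {exe}"))
        elif ln.startswith("SafeBoot registry key needs repairs"):
            findings.append(("HIGH", "SafeBoot key damaged: Safe Mode deliberately disabled"))
        elif ln in ('"AntiVirusOverride"=dword:00000001', '"FirewallOverride"=dword:00000001'):
            findings.append(("MEDIUM", f"Security Center alerting suppressed: {ln}"))
        elif ln.startswith('"EnableFirewall"= 0'):
            findings.append(("MEDIUM", "Windows Firewall disabled for the standard profile"))
        elif ln == "detected NTDLL code modification:":
            in_ntdll_block = True
        elif HOOK_RE.match(ln):
            findings.append(("HIGH", f"kernel driver hook (bootkit pattern): {ln}"))
        else:
            m = SERVICE_RE.match(ln)
            if m:
                findings.extend(check_service(*m.groups()))
    return findings


if __name__ == "__main__":
    for sev, msg in triage(SAMPLE_LOG):
        print(f"[{sev}] {msg}")
```

Run against the excerpt it reports the Userinit hijack, the SafeBoot damage, both Security Center overrides, the disabled firewall, the 1037b.exe service posing as the DNS Client, the Temp-folder driver with its misspelled "Micorsoft" display name, the ZwQueryDirectoryFile patch and the atapi hook, while leaving gupdate alone. It deliberately says nothing about ethaqptw.sys: a randomly named R1 driver dated a few days before the symptoms began is exactly the kind of entry that needs a human and a hash lookup rather than a string rule.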


#2 SweetTech, Agent ST (Members, 13,421 posts; Gender: Male; Location: Antarctica)

Posted 31 May 2011 - 10:48 AM

Hi!

I don't like the looks of your ComboFix log; I have a feeling you may be infected with an infection known as Ramnit, which is a polymorphic virus.

Let's see if my suspicions are correct. If they are, then the only option is to perform a reformat and re-install.

VirusTotal File Scan
Please go to: VirusTotal
  • Click the Browse button and search for the following file: c:\program files\pyntkkub\xffguner.exe
  • Click Open
  • Then click Send File
  • Please be patient while the file is scanned.
  • Once the scan results appear, please provide them in your next reply.
If it says already scanned -- click "reanalyze now"

Please post the results in your next reply



The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
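The steps above upload the file through the VirusTotal web form. The script below is an added example written for this page, not BleepingComputer's or VirusTotal's code; it performs the same check from the command line but looks the file up by SHA-256 first, so a file VirusTotal already knows is never uploaded (worth caring about when the suspect binary sits in a user profile and may carry personal data). Only if the hash is unknown is an upload needed, and the script stops there and says so. It assumes a VirusTotal v3 API key in the VT_API_KEY environment variable; the endpoint and JSON field names are those of the public v3 API, and the default path is the one named in the reply above.

```python
"""Check a suspect file against VirusTotal by hash before uploading it.

Added example for this thread, not BleepingComputer's or VirusTotal's own code.
Assumes a VirusTotal v3 API key in VT_API_KEY; the endpoint and the
last_analysis_stats / last_analysis_results fields are those of the v3 API.
"""
import hashlib
import json
import os
import sys
import urllib.error
import urllib.request

VT_FILE_URL = "https://www.virustotal.com/api/v3/files/{}"


def sha256_of_stream(fh, chunk_size=1 << 20):
    """Hash a binary stream in chunks so a large file never has to fit in memory."""
    digest = hashlib.sha256()
    for block in iter(lambda: fh.read(chunk_size), b""):
        digest.update(block)
    return digest.hexdigest()


def sha256_of_file(path):
    with open(path, "rb") as fh:
        return sha256_of_stream(fh)


def summarize_report(report):
    """Reduce a v3 file object to (malicious_count, engines_total, ['engine: verdict', ...])."""
    attrs = report["data"]["attributes"]
    stats = attrs["last_analysis_stats"]
    total = sum(stats.values())
    hits = sorted(
        f"{engine}: {res.get('result')}"
        for engine, res in attrs.get("last_analysis_results", {}).items()
        if res.get("category") == "malicious"
    )
    return stats.get("malicious", 0), total, hits


def lookup_hash(sha256, api_key, timeout=30):
    """GET /api/v3/files/{hash}; returns the JSON report, or None if VT has never seen the hash."""
    req = urllib.request.Request(VT_FILE_URL.format(sha256), headers={"x-apikey": api_key})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        if err.code == 404:
            return None   # unknown to VT: only now would an upload (POST /api/v3/files) be needed
        raise


if __name__ == "__main__":
    # Default path is the file named in the reply above; override on the command line.
    path = sys.argv[1] if len(sys.argv) > 1 else r"c:\program files\pyntkkub\xffguner.exe"
    key = os.environ.get("VT_API_KEY")
    if not key:
        sys.exit("set VT_API_KEY to a VirusTotal v3 API key")
    digest = sha256_of_file(path)
    print("sha256:", digest)
    report = lookup_hash(digest, key)
    if report is None:
        print("hash unknown to VirusTotal; an upload is needed to get a verdict")
    else:
        bad, total, hits = summarize_report(report)
        print(f"{bad}/{total} engines flag this file")
        for line in hits:
            print("  " + line)
```

Record the SHA-256 in the thread alongside the engine verdicts: the hash is what lets a later reader tell whether they are looking at the same sample, which the file name alone (xffguner.exe in a randomly named folder) never will.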


#3 SweetTech, Agent ST (Members, 13,421 posts; Gender: Male; Location: Antarctica)

Posted 02 June 2011 - 11:07 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.





