ComboFix Log File


  • This topic is locked
2 replies to this topic

#1 SecondSun

  • Members
  • 1 posts

Posted 05 September 2011 - 01:05 PM

Hi,

I ran ComboFix on my computer and am posting the log here for your help and assistance. Many thanks in advance.



ComboFix 11-09-05.03 - Administrator 05/09/2011 19:02:32.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1055.18.503.258 [GMT 2:00]
Running from: c:\documents and settings\Administrator.MALOK\Desktop\ComboFix.exe
AV: ZoneAlarm Antivirus *Disabled/Updated* {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Power Search Tool
c:\program files\Power Search Tool\alert_plugin.dll
c:\program files\Power Search Tool\basis.xml
c:\program files\Power Search Tool\ebay.bmp
c:\program files\Power Search Tool\icons.bmp
c:\program files\Power Search Tool\logo-4.bmp
c:\program files\Power Search Tool\mbback.bmp
c:\program files\Power Search Tool\mbbigopen.bmp
c:\program files\Power Search Tool\mbclose.bmp
c:\program files\Power Search Tool\mbfwd.bmp
c:\program files\Power Search Tool\mbsep.bmp
c:\program files\Power Search Tool\nav1c.bmp
c:\program files\Power Search Tool\options.html
c:\program files\Power Search Tool\PowerSearchTool4_0.crc
c:\program files\Power Search Tool\version.txt
c:\windows\system32\Cache
c:\windows\system32\Winbooterr
c:\windows\system32\Winlogon
c:\windows\XSxS
.
.
((((((((((((((((((((((((( Files Created from 2011-08-05 to 2011-09-05 )))))))))))))))))))))))))))))))
.
.
2011-09-05 16:43 . 2011-09-05 16:43 -------- d-----w- c:\program files\uGet
2011-09-05 16:42 . 2011-09-05 16:42 -------- d-----w- c:\program files\GTK2-Runtime
2011-09-02 22:11 . 2011-09-02 22:13 -------- d-----w- c:\program files\Internet Download Manager
2011-09-02 14:06 . 2011-09-02 14:06 -------- d-----w- C:\Documents and Setting
2011-09-02 11:30 . 2011-09-02 11:30 -------- d-----w- C:\Cookies
2011-09-02 11:30 . 2011-09-02 11:30 -------- d-----w- C:\Local Settings
2011-08-30 16:10 . 2011-08-30 16:10 -------- d-----w- c:\program files\Xenocode
2011-08-30 09:57 . 2011-08-30 09:57 -------- d-----w- c:\program files\Conduit
2011-08-30 09:57 . 2011-08-30 09:57 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-08-30 09:57 . 2011-08-30 09:57 -------- d-----w- c:\program files\ZoneAlarm_Extreme_Security
2011-08-30 08:38 . 2011-08-30 13:06 -------- d-----w- c:\program files\CHM EBook Editor
2011-08-29 14:47 . 2011-07-06 15:14 101616 ----a-w- c:\windows\system32\drivers\idmtdi.sys
2011-08-28 20:14 . 2011-08-28 20:14 -------- d-----w- c:\windows\system32\drivers\NortonPCCheckup
2011-08-28 20:14 . 2011-08-28 20:14 -------- d-----w- c:\program files\Norton PC Checkup
2011-08-28 20:14 . 2011-08-28 20:14 -------- d-----w- c:\program files\NortonInstaller
2011-08-28 18:06 . 2011-08-28 18:06 -------- d-----w- c:\windows\Paltalk Messenger
2011-08-28 10:20 . 2008-10-15 04:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2011-08-28 10:20 . 2007-05-16 14:45 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll
2011-08-28 10:20 . 2011-08-28 10:20 -------- d-----w- c:\windows\Logs
2011-08-28 08:18 . 2011-09-02 10:44 -------- d-----w- c:\program files\b4ficons
2011-08-28 08:15 . 2011-08-28 08:15 60416 ----a-w- c:\windows\ALCFDRTM.EXE
2011-08-28 08:15 . 2011-09-01 23:04 60416 ----a-w- c:\windows\ALCFDRTM.VER
2011-08-27 23:45 . 2011-08-27 23:45 -------- d-----w- c:\program files\Common Files\EZB Systems
2011-08-27 23:45 . 2011-08-27 23:45 -------- d-----w- c:\program files\UltraISO
2011-08-27 22:16 . 2011-08-27 22:16 -------- d-----w- c:\program files\Smith Micro
2011-08-27 22:16 . 1998-10-29 14:45 306688 ----a-w- c:\windows\IsUninst.exe
2011-08-27 21:58 . 2011-08-27 21:58 -------- d-----w- c:\program files\Elaborate Bytes
2011-08-27 17:27 . 2011-08-27 17:28 -------- d-----w- c:\program files\Calibre2
2011-08-27 17:20 . 2008-04-13 09:45 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
2011-08-27 17:19 . 2008-04-13 10:17 83072 ----a-w- c:\windows\system32\drivers\wdmaud.sys
2011-08-27 17:19 . 2006-08-01 13:02 49152 ----a-w- c:\windows\system32\ChCfg.exe
2011-08-27 17:19 . 2008-04-13 09:45 52864 -c--a-w- c:\windows\system32\dllcache\dmusic.sys
2011-08-27 17:19 . 2008-04-13 09:45 52864 ----a-w- c:\windows\system32\drivers\DMusic.sys
2011-08-27 17:19 . 2008-04-13 09:45 56576 ----a-w- c:\windows\system32\drivers\swmidi.sys
2011-08-27 17:19 . 2008-04-13 07:39 142592 -c--a-w- c:\windows\system32\dllcache\aec.sys
2011-08-27 17:19 . 2008-04-13 07:39 142592 ----a-w- c:\windows\system32\drivers\aec.sys
2011-08-27 17:19 . 2008-04-13 09:45 172416 ----a-w- c:\windows\system32\drivers\kmixer.sys
2011-08-27 17:18 . 2008-04-13 09:45 2944 -c--a-w- c:\windows\system32\dllcache\drmkaud.sys
2011-08-27 17:18 . 2008-04-13 09:45 2944 ----a-w- c:\windows\system32\drivers\drmkaud.sys
2011-08-27 17:18 . 2008-04-13 10:15 60800 ----a-w- c:\windows\system32\drivers\sysaudio.sys
2011-08-27 17:18 . 2008-04-13 09:39 7552 ----a-w- c:\windows\system32\drivers\MSKSSRV.sys
2011-08-27 17:18 . 2008-04-13 09:39 4992 ----a-w- c:\windows\system32\drivers\MSPQM.sys
2011-08-27 17:18 . 2008-04-13 09:39 5376 ----a-w- c:\windows\system32\drivers\MSPCLOCK.sys
2011-08-27 17:17 . 2008-09-24 08:40 4122368 ----a-r- c:\windows\system32\drivers\alcxwdm.sys
2011-08-27 17:17 . 2008-04-13 10:19 146048 ----a-w- c:\windows\system32\drivers\portcls.sys
2011-08-27 17:17 . 2008-04-14 07:00 4096 ----a-w- c:\windows\system32\ksuser.dll
2011-08-27 17:17 . 2008-04-13 09:45 60160 -c--a-w- c:\windows\system32\dllcache\drmk.sys
2011-08-27 17:17 . 2008-04-13 09:45 60160 ----a-w- c:\windows\system32\drivers\drmk.sys
2011-08-27 17:17 . 2008-04-14 07:00 129536 ----a-w- c:\windows\system32\ksproxy.ax
2011-08-27 17:15 . 2011-08-27 17:15 -------- d-----w- c:\program files\Realtek AC97
2011-08-27 17:14 . 2006-11-17 03:40 18804736 ----a-w- c:\windows\system32\alsndmgr.cpl
2011-08-27 17:14 . 2007-04-16 13:28 577536 ----a-w- c:\windows\soundman.exe
2011-08-27 17:14 . 2006-07-31 09:27 217088 ----a-w- c:\windows\Alcrmv.exe
2011-08-27 17:14 . 2006-07-31 09:19 315392 ----a-w- c:\windows\alcupd.exe
2011-08-27 17:13 . 2006-02-07 13:40 204800 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2011-08-27 17:13 . 2006-02-07 13:40 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2011-08-27 17:13 . 2006-02-07 13:40 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2011-08-27 17:13 . 2005-11-13 21:19 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2011-08-27 17:13 . 2006-02-07 13:45 757760 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2011-08-27 17:13 . 2011-08-27 17:13 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2011-08-27 17:13 . 2011-08-27 17:13 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2011-08-14 15:52 . 2003-06-20 11:28 1777664 ----a-w- c:\windows\system32\GDIPLUS.DLL
2011-08-14 15:52 . 2011-08-14 15:52 -------- d-----w- c:\program files\Recosoft PDF2Office
2011-08-14 15:46 . 2006-02-07 13:39 32768 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2011-08-14 15:46 . 2004-04-18 21:39 172032 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll
2011-08-14 15:46 . 2004-04-18 21:40 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll
2011-08-14 15:46 . 2004-04-18 21:39 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll
2011-08-14 15:46 . 2004-04-18 21:39 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe
2011-08-14 15:46 . 2004-04-18 21:42 733184 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll
2011-08-14 15:46 . 2011-08-14 15:46 180356 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll
2011-08-14 15:45 . 2011-08-14 15:45 303236 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll
2011-08-14 10:47 . 2011-08-14 10:46 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-08-14 10:47 . 2011-08-14 10:46 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-08-14 07:27 . 2009-08-06 17:23 215920 ----a-w- c:\windows\system32\muweb.dll
2011-08-14 07:27 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-08-13 13:17 . 2011-08-13 13:17 -------- d-----w- c:\program files\Microsoft Analysis Services
2011-08-13 13:11 . 2011-08-13 13:11 -------- d-----r- C:\MSOCache
2011-08-13 12:33 . 2011-08-13 12:33 436792 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-08-13 08:21 . 2011-08-13 08:12 34064 ----a-w- c:\windows\system32\Instexnt.exe
2011-08-13 08:21 . 2011-08-13 08:11 5904 ----a-w- c:\windows\system32\Autoexnt.exe
2011-08-13 08:21 . 2011-08-13 08:11 2364 ----a-w- c:\windows\system32\1.reg
2011-08-13 08:21 . 2011-08-13 08:11 175 ----a-w- c:\windows\system32\Autoexnt.bat
2011-08-12 09:54 . 2008-06-14 17:33 272000 -c----w- c:\windows\system32\dllcache\bthport.sys
2011-08-12 09:54 . 2008-06-14 17:33 272000 ------w- c:\windows\system32\drivers\bthport.sys
2011-08-12 09:03 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2011-08-11 10:22 . 2009-12-14 10:44 39352 ----a-w- c:\windows\system32\drivers\CSVirtualDiskDrv.sys
2011-08-11 10:22 . 2009-12-14 10:44 88632 ----a-w- c:\windows\system32\drivers\CSCrySec.sys
2011-08-11 09:09 . 2011-08-18 08:27 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-11 08:39 . 2001-08-17 20:59 3072 ----a-w- c:\windows\system32\drivers\audstub.sys
2011-08-11 08:38 . 2008-04-14 08:36 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2011-08-11 08:38 . 2008-04-13 09:35 20992 ----a-w- c:\windows\system32\drivers\RTL8139.sys
2011-08-11 08:37 . 2008-04-14 08:39 5504 ----a-w- c:\windows\system32\drivers\intelide.sys
2011-08-11 08:36 . 2011-08-27 08:04 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-08-11 08:33 . 2011-08-11 08:33 -------- d-----w-anlar c:\docume~1\DEFAUL~1.WIN\SKKULL~1
2011-08-11 08:33 . 2011-08-11 08:33 -------- d-----w-anlar c:\docume~1\ALLUSE~1.WIN\SKKULL~1
2011-08-11 08:33 . 2008-04-15 12:00 17695 ----a-r- c:\windows\SET8.tmp
2011-08-11 08:33 . 2008-04-15 12:00 1088840 ----a-r- c:\windows\SET4.tmp
2011-08-11 08:33 . 2008-04-15 12:00 1233791 ----a-r- c:\windows\SET3.tmp
2011-08-11 08:24 . 2011-08-11 08:27 -------- d-----w- c:\windows\system32\1055
2011-08-11 07:09 . 2009-04-24 14:42 621056 ----a-w- c:\windows\system32\drivers\mod7700.sys
2011-08-11 07:09 . 2009-04-24 14:42 24448 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2011-08-11 07:09 . 2009-04-24 14:42 112640 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2011-08-11 07:09 . 2009-04-24 14:42 102656 ----a-w- c:\windows\system32\drivers\ewusbfake.sys
2011-08-11 07:09 . 2009-04-24 14:42 102400 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2011-08-11 07:09 . 2011-08-11 07:09 71279 ----a-w- c:\windows\Huawei ModemsUninstall.exe
2011-08-11 07:02 . 2008-04-14 07:00 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-08-11 07:02 . 2001-11-21 17:12 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2011-08-11 07:02 . 2008-04-14 06:40 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2011-08-11 07:02 . 2008-04-13 09:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2011-08-11 07:02 . 2008-04-13 09:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-08-11 07:01 . 2011-08-11 07:01 -------- d-----w- c:\windows\Favorites
2011-08-11 07:01 . 2011-08-15 12:22 -------- d-----r-anlar c:\docume~1\ADMINI~1.MAL\SKKULL~1
2011-08-11 06:54 . 2011-08-11 08:33 -------- d-----w-anlar c:\windows\system32\config\SYSTEM~1\SKKULL~1
2011-08-11 06:54 . 2011-08-11 08:33 -------- d-----w- c:\windows\system32\config\systemprofile\Belgelerim
2011-08-11 06:53 . 2001-11-21 19:35 7168 -c--a-w- c:\windows\system32\dllcache\EXCH_snprfdll.dll
2011-08-11 06:53 . 2001-11-21 19:35 12288 -c--a-w- c:\windows\system32\dllcache\EXCH_smtpctrs.dll
2011-08-11 06:53 . 2001-11-21 19:35 26112 -c--a-w- c:\windows\system32\dllcache\EXCH_seos.dll
2011-08-11 06:53 . 2001-11-21 19:35 57856 -c--a-w- c:\windows\system32\dllcache\EXCH_scripto.dll
2011-08-11 06:53 . 2001-11-21 19:35 23040 -c--a-w- c:\windows\system32\dllcache\EXCH_regtrace.exe
2011-08-11 06:53 . 2001-11-21 19:35 38912 -c--a-w- c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
2011-08-11 06:53 . 2001-11-21 19:35 65536 -c--a-w- c:\windows\system32\dllcache\EXCH_mailmsg.dll
2011-08-11 06:51 . 2008-04-15 12:00 480256 -c--a-w- c:\windows\system32\dllcache\cintsetp.exe
2011-08-11 06:48 . 2008-04-15 12:00 21504 -c--a-w- c:\windows\system32\dllcache\brpinfo.dll
2011-08-11 06:48 . 2008-04-15 12:00 11264 -c--a-w- c:\windows\system32\dllcache\atrace.dll
2011-08-11 06:48 . 2008-04-15 12:00 11264 ----a-w- c:\windows\system32\atrace.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-13 08:12 . 2011-08-13 08:21 2320 ----a-w- c:\windows\system32\Servmess.dll
2011-07-15 13:29 . 2008-04-15 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2008-04-15 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-23 18:30 . 2008-04-15 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:30 . 2008-04-15 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-06-23 18:30 . 2008-04-15 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2008-04-15 12:00 385024 ------w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2008-04-15 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-08-27 08:04 . 2011-08-11 08:36 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{a94e8dc9-07aa-45a7-8af2-a0375473a5cd}"= "c:\program files\ZoneAlarm_Extreme_Security\prxtbZone.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{a94e8dc9-07aa-45a7-8af2-a0375473a5cd}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-03-28 16:22 176936 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a94e8dc9-07aa-45a7-8af2-a0375473a5cd}]
2011-03-28 16:22 176936 ----a-w- c:\program files\ZoneAlarm_Extreme_Security\prxtbZone.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{a94e8dc9-07aa-45a7-8af2-a0375473a5cd}"= "c:\program files\ZoneAlarm_Extreme_Security\prxtbZone.dll" [2011-03-28 176936]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{a94e8dc9-07aa-45a7-8af2-a0375473a5cd}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A94E8DC9-07AA-45A7-8AF2-A0375473A5CD}"= "c:\program files\ZoneAlarm_Extreme_Security\prxtbZone.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{a94e8dc9-07aa-45a7-8af2-a0375473a5cd}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-05-30 16:50 21864 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2011-08-29 3417496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2011-07-25 738944]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2011-07-22 72336]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [13/08/2011 14:33 436792]
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [29/08/2011 16:47 101616]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [14/10/2010 17:08 11352]
R2 ISWKL;ZoneAlarm ForceField ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [25/07/2011 14:57 27016]
R2 IswSvc;ZoneAlarm ForceField IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [25/07/2011 14:57 493184]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\Norton PC Checkup\Engine\2.0.12.57\SymcPCCULaunchSvc.exe [28/08/2011 22:14 123320]
R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\Norton PC Checkup\Engine\2.0.12.57\ccSvcHst.exe [28/08/2011 22:14 126392]
R3 icsak;icsak;c:\program files\CheckPoint\ZAForceField\AK\icsak.sys [25/07/2011 14:57 36744]
S1 SASDIFSV;SASDIFSV;\??\c:\documents and settings\Administrator.MALOK\Desktop\antispy\SUPERAntiSpyware\SASDIFSV.SYS --> c:\documents and settings\Administrator.MALOK\Desktop\antispy\SUPERAntiSpyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\documents and settings\Administrator.MALOK\Desktop\antispy\SUPERAntiSpyware\SASKUTIL.SYS --> c:\documents and settings\Administrator.MALOK\Desktop\antispy\SUPERAntiSpyware\SASKUTIL.SYS [?]
S2 AutoExNT;AutoExNT;c:\windows\system32\Autoexnt.exe [13/08/2011 10:21 5904]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [11/08/2011 09:09 102656]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [09/01/2010 21:37 4640000]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://Patoghu.com/
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
FF - ProfilePath - c:\documents and settings\Administrator.MALOK\Application Data\Mozilla\Firefox\Profiles\owamyqwc.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.gopher -
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-SUPERAntiSpyware - c:\documents and settings\Administrator.MALOK\Desktop\antispy\SUPERAntiSpyware\SuperAntiSpyware.exe
HKCU-Run-Super Hide IP - c:\program files\SuperHideIP\SuperHideIP.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-05 19:19
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCCUJobMgr]
"ImagePath"="\"c:\program files\Norton PC Checkup\Engine\2.0.12.57\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Engine\2.0.12.57\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1935655697-1563985344-527237240-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b9,31,7f,51,2f,9e,96,40,bd,d6,cf,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b9,31,7f,51,2f,9e,96,40,bd,d6,cf,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b9,31,7f,51,2f,9e,96,40,bd,d6,cf,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(644)
c:\program files\CheckPoint\ZAForceField\AK\icsak.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'lsass.exe'(700)
c:\program files\CheckPoint\ZAForceField\AK\icsak.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'explorer.exe'(1264)
c:\windows\system32\WININET.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\program files\CheckPoint\ZAForceField\AK\icsak.dll
c:\progra~1\CHECKP~1\ZONEAL~1\MAILFR~1\mlfhook.dll
c:\program files\Internet Download Manager\IDMShellExt.dll
c:\program files\Internet Download Manager\IDMNetMon.DLL
c:\windows\system32\msi.dll
c:\program files\Internet Download Manager\idmmkb.dll
c:\windows\system32\webcheck.dll
.
- - - - - - - > 'csrss.exe'(620)
c:\program files\CheckPoint\ZAForceField\AK\akconsole.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\SOUNDMAN.EXE
c:\program files\Internet Download Manager\IEMonitor.exe
c:\progra~1\CHECKP~1\ZONEAL~1\MAILFR~1\mantispm.exe
c:\program files\CheckPoint\ZAForceField\ISWMGR.exe
c:\program files\CheckPoint\ZAForceField\ISWMGR.exe
.
**************************************************************************
.
Completion time: 2011-09-05 19:30:34 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-05 17:30
.
Pre-Run: 5,821,796,352 bytes free
Post-Run: 12,320,976,896 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 5087820BF4D7CDF9DEB5A64CE7E51CE8
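A small triage helper for a log in this format, added here as an example; it is not code from the original post, from ComboFix, or from the BleepingComputer helpers. It parses the header `AV:`/`FW:` lines, tracks which registry key each value line under "Reg Loading Points" belongs to, reads the `R0`/`S1`-style service lines, and flags the entries a reviewer usually reads first. Assumptions: the line formats are taken from the posted log and nothing else is recognised; `PUP_MARKERS` is a reviewer-supplied watchlist, not a ComboFix feature; a trailing `[?]` on a service line is treated simply as "ComboFix printed no date/size for the image file". The sample text is an excerpt of the log above, trimmed by hand to the lines the checks look at.

```python
"""Triage helper for a ComboFix log (added example, not code from the post or
from ComboFix).  Walks the log line by line, remembers the enclosing registry
key for value lines, and flags the entries a reviewer reads first."""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    check: str   # short check name
    detail: str  # the evidence, taken from the log


# Reviewer-supplied watchlist (an assumption of this example, not a ComboFix
# feature): names whose BHOs, toolbars or search settings deserve a second look.
PUP_MARKERS = ("conduit", "ask.com")

HEADER_RE = re.compile(r"^(AV|FW): (.+?) \*(.+?)\*")          # AV: <product> *<state>* {GUID}
REG_KEY_RE = re.compile(r"^\[(.+)\]$")                        # [HKEY_...]
SERVICE_RE = re.compile(r"^([RS][0-4]) ([^;]+);[^;]*;(.*)$")  # R0 name;display;image [date size]
USER_PROFILE_RE = re.compile(r"\\(documents and settings|users)\\", re.I)


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    current_key = ""  # lower-cased registry key of the block being read
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        low = line.lower()

        m = HEADER_RE.match(line)
        if m:
            kind, product, state = m.groups()
            if state.lower().startswith("disabled"):
                findings.append(Finding("protection-disabled", f"{kind} {product}: *{state}*"))
            continue

        m = REG_KEY_RE.match(line)
        if m:
            current_key = m.group(1).lower()
            continue

        m = SERVICE_RE.match(line)
        if m:
            start, name, image = m.groups()
            reasons = []
            if image.endswith("[?]"):  # ComboFix printed no date/size for the image
                reasons.append("no date/size reported for image file")
            if USER_PROFILE_RE.search(image):  # driver/service loaded from a user profile
                reasons.append("image path under a user profile")
            if reasons:
                findings.append(Finding("suspicious-service", f"{start} {name}: " + "; ".join(reasons)))
            continue

        # Browser settings (Firefox prefs, IE start page) checked against the watchlist.
        if low.startswith(("ff - prefs.js:", "ustart page", "mstart page")):
            if any(mark in low for mark in PUP_MARKERS):
                findings.append(Finding("browser-setting-watchlist", line))
            continue

        # Value lines, interpreted in the context of the enclosing key.
        if "firewallpolicy" in current_key and low.startswith('"enablefirewall"'):
            if low.split("=", 1)[1].strip().startswith("0"):
                findings.append(Finding("windows-firewall-off", current_key))
        elif "security center\\monitoring" in current_key and low.startswith('"disablemonitoring"'):
            if low.endswith("00000001"):
                findings.append(Finding("security-center-monitoring-off", current_key))
        elif ("browser helper objects" in current_key or "toolbar" in current_key) and any(
            mark in low for mark in PUP_MARKERS
        ):
            findings.append(Finding("pup-browser-extension", line))
    return findings


# Excerpt of the log in the post above, trimmed by hand to the lines the
# checks look at (a real log has many more lines between them).
SAMPLE_LOG = r"""
ComboFix 11-09-05.03 - Administrator 05/09/2011 19:02:32.1.2 - x86
AV: ZoneAlarm Antivirus *Disabled/Updated* {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-03-28 16:22 176936 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [13/08/2011 14:33 436792]
S1 SASDIFSV;SASDIFSV;\??\c:\documents and settings\Administrator.MALOK\Desktop\antispy\SUPERAntiSpyware\SASDIFSV.SYS --> c:\documents and settings\Administrator.MALOK\Desktop\antispy\SUPERAntiSpyware\SASDIFSV.SYS [?]
S2 AutoExNT;AutoExNT;c:\windows\system32\Autoexnt.exe [13/08/2011 10:21 5904]
.
FF - prefs.js: browser.search.selectedEngine - Ask.com
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.check:32} {f.detail}")
```

Every hit is a prompt to confirm, not a verdict: the header shows the antivirus and firewall as `*Disabled*` because the user turns them off to run ComboFix, as the tool's instructions ask, and a third-party firewall such as ZoneAlarm commonly leaves the Windows Firewall profile at `EnableFirewall = 0` and a Security Center `DisableMonitoring` entry behind. The `S1` driver whose image sits under the user's Desktop and has no date/size is the kind of leftover (here from a SUPERAntiSpyware copy run from the Desktop) that a reviewer checks by hand rather than removes blindly.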


#2 nasdaq

  • Malware Response Team
  • 39,497 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 10 September 2011 - 12:55 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

Your ComboFix log is clean.

Third-party programs, if not up to date, can be the cause of the infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please post the log and let me know what problem persists.

#3 nasdaq

  • Malware Response Team
  • 39,497 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 18 September 2011 - 09:21 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.



