
Combofix log help!!


This topic is locked. 2 replies to this topic.

#1 luckyboot

  • Members
  • 1 posts

Posted 22 February 2012 - 09:42 PM

I need help with my ComboFix log. I'm trying to install a new program and it will not connect with the program's server to validate my registration ID. The tech for the program said "your computer is messed up" and this is what started my quest. He directed me to ComboFix and to run it. Need some help to debug my comp and get things straightened out. Any help would be great!! Here is my log:

ComboFix 12-02-21.01 - ne1 02/22/2012 17:14:02.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1485 [GMT -8:00]
Running from: f:\documents and settings\ne1\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((( Files Created from 2012-01-23 to 2012-02-23 )))))))))))))))))))))))))))))))
.
.
2012-02-23 00:17 . 2012-02-23 00:17 -------- d-----w- f:\program files\iBryte
2012-02-23 00:17 . 2012-02-23 00:17 -------- d-----w- f:\documents and settings\ne1\Local Settings\Application Data\iBryte
2012-02-22 06:54 . 2012-02-22 06:54 -------- d-----w- f:\program files\Common Files\data dynamics
2012-02-22 06:54 . 2012-02-22 06:54 -------- d-----w- f:\windows\system32\uninstall MU3
2012-02-22 06:45 . 2012-02-22 06:45 -------- d-----w- f:\program files\Common Files\WinMain
2012-02-22 06:45 . 2012-02-22 06:45 -------- d-----w- f:\program files\Codejock Software
2012-02-22 06:43 . 2012-02-22 06:56 -------- d-----w- f:\program files\Common Files\Mastercam
2012-02-22 06:26 . 2012-02-22 06:34 414368 ----a-w- f:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-22 05:57 . 2012-02-22 05:57 -------- d-----w- f:\windows\Profiles
2012-02-22 05:48 . 2012-02-22 05:48 -------- d-----w- f:\windows\system32\winrm
2012-02-22 05:48 . 2012-02-22 05:48 -------- dc-h--w- f:\windows\$968930Uinstall_KB968930$
2012-02-22 04:07 . 2012-02-22 04:07 -------- d-----w- f:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2012-02-22 04:05 . 2012-02-22 04:05 -------- d-----w- f:\documents and settings\ne1\Application Data\Windows Search
2012-02-22 04:02 . 2012-02-22 05:30 -------- d-----w- f:\program files\Windows Desktop Search
2012-02-22 04:02 . 2012-02-22 04:02 -------- d-----w- f:\windows\system32\GroupPolicy
2012-02-22 03:58 . 2008-03-07 17:02 98304 -c----w- f:\windows\system32\dllcache\nlhtml.dll
2012-02-22 03:58 . 2008-03-07 17:02 29696 -c----w- f:\windows\system32\dllcache\mimefilt.dll
2012-02-22 03:58 . 2008-03-07 17:02 192000 -c----w- f:\windows\system32\dllcache\offfilt.dll
2012-02-22 03:52 . 2012-02-22 03:52 -------- d-----w- f:\documents and settings\ne1\Application Data\Logitech
2012-02-22 00:54 . 2012-02-22 00:54 -------- d-----w- f:\documents and settings\ne1\Application Data\Avira
2012-02-22 00:49 . 2012-02-23 01:02 137416 ----a-w- f:\windows\system32\drivers\avipbb.sys
2012-02-22 00:49 . 2011-09-16 07:55 36000 ----a-w- f:\windows\system32\drivers\avkmgr.sys
2012-02-22 00:49 . 2011-09-16 07:55 74640 ----a-w- f:\windows\system32\drivers\avgntflt.sys
2012-02-22 00:49 . 2012-02-22 00:49 -------- d-----w- f:\program files\Avira
2012-02-22 00:49 . 2012-02-22 00:49 -------- d-----w- f:\documents and settings\All Users\Application Data\Avira
2012-02-22 00:10 . 2012-02-22 00:10 -------- d-----w- f:\program files\Microsoft.NET
2012-02-22 00:04 . 2012-02-22 00:04 -------- d-----w- f:\documents and settings\ne1\Application Data\TeamViewer
2012-02-21 23:58 . 2012-02-21 23:58 -------- d-----w- f:\documents and settings\All Users\Application Data\cswin32
2012-02-21 23:46 . 2012-02-21 23:46 -------- d-----w- f:\documents and settings\ne1\Application Data\SolidDocuments
2012-02-21 23:45 . 2012-02-22 05:57 -------- d-----w- f:\program files\POV-Ray for Windows v3.1
2012-02-21 23:44 . 1998-06-19 20:23 270848 ----a-w- f:\windows\UNWISE32.EXE
2012-02-21 23:44 . 2012-02-23 01:12 -------- d-----w- f:\program files\Cabinet Solutions
2012-02-21 23:44 . 2011-10-04 04:00 19272 ----a-w- f:\windows\system32\solidlocalui.dll
2012-02-21 23:44 . 2011-10-04 03:59 27976 ----a-w- f:\windows\system32\solidlocalmon.dll
2012-02-21 23:43 . 2012-02-21 23:43 -------- d-----w- f:\documents and settings\All Users\Application Data\SolidDocuments
2012-02-19 22:07 . 2012-02-19 22:07 -------- d-----w- f:\program files\AnyToISO
2012-02-17 00:06 . 2012-02-17 00:06 -------- d-----w- F:\LicomCfg
2012-02-17 00:05 . 2006-03-30 22:30 50176 ----a-w- f:\windows\system32\SNTI386.DLL
2012-02-17 00:05 . 2006-03-30 22:28 76288 ----a-w- f:\windows\system32\drivers\SENTINEL.SYS
2012-02-17 00:05 . 2006-03-30 22:27 18432 ----a-w- f:\windows\system32\RNBOVDD.DLL
2012-02-17 00:05 . 2006-03-30 22:29 26120 ----a-w- f:\windows\system32\drivers\SNTNLUSB.SYS
2012-02-17 00:05 . 2012-02-17 00:05 -------- d-----w- f:\windows\system32\RNBOSENT
2012-02-17 00:03 . 2012-02-20 03:03 -------- d-----w- F:\Planit
2012-02-15 02:46 . 2012-01-11 19:06 3072 -c----w- f:\windows\system32\dllcache\iacenc.dll
2012-02-15 02:46 . 2012-01-11 19:06 3072 ------w- f:\windows\system32\iacenc.dll
2012-02-04 08:20 . 2012-02-04 08:20 -------- d-----w- f:\documents and settings\All Users\Application Data\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
2012-02-04 07:57 . 2012-02-04 07:57 -------- d-----w- f:\documents and settings\ne1\Local Settings\Application Data\PackageAware
2012-01-29 03:35 . 2012-01-29 03:35 -------- d-----w- f:\documents and settings\All Users\Application Data\Kruptos
2012-01-28 07:41 . 2006-11-22 18:01 693760 ----a-w- f:\windows\system32\drivers\hardlock.sys
2012-01-28 07:41 . 2006-11-22 18:01 100096 ----a-w- f:\windows\system32\drivers\aksusb.sys
2012-01-28 07:41 . 2006-11-22 18:01 327168 ----a-w- f:\windows\system32\drivers\akshasp.sys
2012-01-28 07:41 . 2006-10-17 03:35 7168 ----a-w- f:\windows\system32\akscoinst.dll
2012-01-28 07:41 . 2006-10-17 03:35 104576 ----a-w- f:\windows\system32\drivers\aksclass.sys
2012-01-28 07:34 . 2012-01-28 07:34 -------- d-----w- f:\documents and settings\All Users\Application Data\Macrovision
2012-01-28 07:34 . 2012-01-28 07:34 -------- d-----w- f:\documents and settings\All Users\Application Data\FLEXnet
2012-01-28 07:34 . 2012-02-22 06:56 -------- d-----w- F:\mcamx
2012-01-28 07:23 . 2007-10-22 06:31 18432 ----a-w- f:\windows\system32\drivers\vusbbus.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-18 18:34 . 2007-05-01 13:30 73728 ----a-w- f:\windows\system32\javacpl.cpl
2012-02-18 18:34 . 2010-05-10 18:12 472808 ----a-w- f:\windows\system32\deployJava1.dll
2012-01-18 14:44 . 2010-04-09 04:00 540960 ----a-w- f:\windows\system32\LVUI2RC.dll
2012-01-18 14:44 . 2010-04-09 04:00 4332960 ----a-w- f:\windows\system32\drivers\lvuvc.sys
2012-01-18 14:44 . 2010-04-09 04:00 545056 ----a-w- f:\windows\system32\LVUI2.dll
2012-01-18 14:44 . 2010-04-09 03:58 312096 ----a-w- f:\windows\system32\drivers\lvrs.sys
2012-01-18 14:44 . 2012-01-18 14:44 196896 ----a-w- f:\windows\system32\lvci13311044.dll
2012-01-18 14:44 . 2010-04-09 04:00 307488 ----a-w- f:\windows\system32\lvcodec2.dll
2012-01-18 14:44 . 2010-05-14 21:56 10920984 ----a-w- f:\windows\system32\LogiDPP.dll
2012-01-18 14:44 . 2010-05-14 21:56 104472 ----a-w- f:\windows\system32\LogiDPPApp.exe
2012-01-18 14:44 . 2010-05-14 21:55 336408 ----a-w- f:\windows\system32\DevManagerCore.dll
2012-01-18 14:23 . 2010-04-09 03:58 38958 ----a-w- f:\windows\system32\Repository.reg
2012-01-12 16:53 . 2004-08-04 12:00 1859968 ----a-w- f:\windows\system32\win32k.sys
2011-12-17 19:46 . 2004-08-04 12:00 916992 ----a-w- f:\windows\system32\wininet.dll
2011-12-17 19:46 . 2004-08-04 12:00 43520 ----a-w- f:\windows\system32\licmgr10.dll
2011-12-17 19:46 . 2004-08-04 12:00 1469440 ------w- f:\windows\system32\inetcpl.cpl
2011-12-16 12:22 . 2004-08-04 12:00 385024 ----a-w- f:\windows\system32\html.iec
2011-11-25 21:57 . 2004-08-04 12:00 293376 ----a-w- f:\windows\system32\winsrv.dll
2012-02-20 23:55 . 2011-12-15 06:50 134104 ----a-w- f:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{912C156F-05CF-4B62-851A-96E167A677B0}]
2009-11-07 08:07 297808 ----a-w- f:\windows\system32\mscoree.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"="f:\program files\PeerGuardian2\pg2.exe" [2005-09-19 1421824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="f:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-30 339968]
"ATICCC"="f:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-03-23 32768]
"NeroFilterCheck"="f:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"ISUSPM Startup"="f:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-12 249856]
"ISUSScheduler"="f:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-12 81920]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"hpqSRMon"="f:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"HP Software Update"="f:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]
"APSDaemon"="f:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="f:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"Adobe ARM"="f:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="f:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"avgnt"="f:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-09-23 258512]
.
f:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - f:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2000-3-6 110592]
ATI CATALYST System Tray.lnk - f:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-3-23 32768]
HP Digital Imaging Monitor.lnk - f:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
Microsoft Office.lnk - f:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[HKLM\~\startupfolder\F:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoStart IR.lnk]
backup=f:\windows\pss\AutoStart IR.lnkCommon Startup
path=f:\documents and settings\All Users\Start Menu\Programs\Startup\AutoStart IR.lnk
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\aliim]
2011-09-26 03:08 214976 ----a-w- f:\program files\trademanager\AliIM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-12-08 09:36 421736 ----a-w- f:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid]
2010-05-11 23:43 6061400 ----a-w- f:\program files\Logitech\Logitech Vid\Vid.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWS]
2011-08-12 19:18 205336 ----a-w- f:\program files\Logitech\LWS\Webcam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2011-08-22 08:18 6276408 ----a-w- f:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 01:38 421888 ----a-w- f:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2004-07-28 01:01 68096 ----a-w- f:\windows\SOUNDMAN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2006-10-25 05:37 35328 ----a-w- f:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2011-08-22 08:18 6276408 ----a-w- f:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"f:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"f:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"f:\\Program Files\\trademanager\\AliIM.exe"=
"f:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"f:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"f:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
"f:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"f:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"f:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"f:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"f:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"f:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"f:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"f:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"f:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"f:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"f:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"f:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"f:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"f:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
"f:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"f:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"f:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"f:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"f:\\Program Files\\Azureus\\Azureus.exe"=
"f:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"f:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"f:\\Program Files\\iTunes\\iTunes.exe"=
"f:\\Program Files\\Skype\\Phone\\Skype.exe"=
"f:\\Program Files\\Cabinet Solutions\\GetCodes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 uliagpkx;ULi AGP Bus Filter Driver;f:\windows\system32\drivers\AGPKX.SYS [11/15/2006 5:22 PM 45056]
R0 Vax347s;Vax347s;f:\windows\system32\drivers\Vax347s.sys [6/25/2007 4:45 PM 5248]
R1 avkmgr;avkmgr;f:\windows\system32\drivers\avkmgr.sys [2/21/2012 4:49 PM 36000]
R2 AntiVirSchedulerService;Avira Scheduler;f:\program files\Avira\AntiVir Desktop\sched.exe [2/21/2012 4:50 PM 86224]
R2 UMVPFSrv;UMVPFSrv;f:\program files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [3/31/2011 9:11 PM 450848]
R3 HCWBT8xx;Hauppauge WinTV 848/9 WDM Video Driver;f:\windows\system32\drivers\HCWBT8XX.sys [11/15/2006 6:39 PM 433732]
R3 Mach3;Mach3 Pulseing Service;f:\windows\system32\drivers\Mach3.sys [3/24/2010 9:51 PM 106240]
R3 ULI5261XP;ULi M526X Ethernet NT Driver;f:\windows\system32\drivers\ULILAN51.SYS [11/15/2006 5:22 PM 28672]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;f:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);f:\program files\Google\Update\GoogleUpdate.exe [1/6/2010 6:44 AM 135664]
S3 CH341SER;CH341SER;f:\windows\system32\drivers\CH341SER.SYS [11/2/2009 6:03 PM 39632]
S3 gupdatem;Google Update Service (gupdatem);f:\program files\Google\Update\GoogleUpdate.exe [1/6/2010 6:44 AM 135664]
S3 WinRM;Windows Remote Management (WS-Management);f:\windows\system32\svchost.exe -k WINRM [8/4/2004 4:00 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;f:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S3 XRNBO;XRNBO;f:\windows\system32\drivers\XRNBO.sys [11/9/2009 10:07 PM 177152]
S4 Vax347b;Vax347b;f:\windows\system32\drivers\Vax347b.sys [6/25/2007 4:45 PM 159616]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - PGFILTER
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-17 f:\windows\Tasks\AppleSoftwareUpdate.job
- f:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 19:34]
.
2012-02-22 f:\windows\Tasks\Google Software Updater.job
- f:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-04 15:51]
.
2012-02-23 f:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- f:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 14:44]
.
2012-02-23 f:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- f:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 14:44]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - f:\windows\system32\GPhotos.scr/200
Trusted Zone: aol.com\free
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - f:\documents and settings\ne1\Application Data\Mozilla\Firefox\Profiles\vsf9ttv6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - user.js: yahoo.homepage.dontask - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-22 17:17
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-527237240-1993962763-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{92D00A76-5F52-B1EA-D10E-A44C9C8F8C28}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
"value"="?\0c\01\0c\06\12:?"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(696)
f:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(1164)
f:\windows\system32\WININET.dll
f:\windows\system32\ieframe.dll
f:\windows\system32\webcheck.dll
f:\windows\system32\WPDShServiceObj.dll
f:\windows\system32\PortableDeviceTypes.dll
f:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-02-22 17:19:51
ComboFix-quarantined-files.txt 2012-02-23 01:19
ComboFix2.txt 2012-02-23 00:57
.
Pre-Run: 5,972,443,136 bytes free
Post-Run: 5,951,111,168 bytes free
.
- - End Of File - - 354D5DDDCEC052CA30CEC0D7EC849C21

#2 nasdaq

  • Malware Response Team
  • 38,935 posts
  • Location: Montreal, QC, Canada

Posted 28 February 2012 - 10:26 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Your ComboFix log is clean.

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.

Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.
===

Third-party programs, if not up to date, can be an open door for an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please let me know of any other problems you are having with this computer.

#3 nasdaq

  • Malware Response Team
  • 38,935 posts
  • Location: Montreal, QC, Canada

Posted 05 March 2012 - 10:39 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
