
Combofix results - What virus is this?


  • This topic is locked

#1 ndianboi


Posted 17 June 2012 - 08:32 PM

Hello B.C.

So I consider myself pretty tech savvy but I have encountered a virus I can't detect or get rid of. I've run combofix, tdds, super anti-spyware and malwarebytes and my pc works fine for about 10 minutes and then it's back to Christmas speeds. It affects everything. When I ran combofix in safe mode it said pv.exe must shut down and I looked that up as a possible virus but couldn't locate it on my pc. Please help!

Here is my log from combofix!


ComboFix 12-06-13.03 - Administrator 06/17/2012 17:18:23.14.1 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.366 [GMT -7:00]
Running from: c:\documents and settings\Administrator\My Documents\ComboFix.exe
AV: AVG Anti-Virus *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Emsisoft Anti-Malware *Disabled/Outdated* {0F8591BB-342B-4493-91C3-4E948ED21255}
AV: Spyware Doctor with AntiVirus *Enabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
.
.
((((((((((((((((((((((((( Files Created from 2012-05-18 to 2012-06-18 )))))))))))))))))))))))))))))))
.
.
2012-05-24 18:37 . 2012-05-24 18:37 -------- d-----w- c:\program files\iPod
2012-05-24 18:37 . 2012-05-24 18:39 -------- d-----w- c:\program files\iTunes
2012-05-24 18:26 . 2012-05-24 18:26 -------- d-----w- c:\program files\Bonjour
2012-05-24 18:20 . 2012-05-24 18:20 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2012-05-24 18:20 . 2012-05-24 18:20 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2012-05-24 18:20 . 2012-05-24 18:20 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2012-05-24 18:20 . 2012-05-24 18:20 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2012-05-24 18:20 . 2012-05-24 18:20 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2012-05-24 18:20 . 2012-05-24 18:20 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2012-05-24 18:20 . 2012-05-24 18:20 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2012-05-24 18:17 . 2012-05-24 18:20 -------- d-----w- c:\program files\QuickTime
2012-05-23 16:12 . 2012-05-23 16:12 -------- d-----w- C:\Cache
2012-05-23 16:12 . 2012-05-23 16:12 -------- d-----w- C:\w
2012-05-23 16:12 . 2012-05-23 16:12 -------- d-----w- C:\skins
2012-05-23 16:12 . 2012-05-23 16:14 -------- d-----w- C:\e
2012-05-23 16:12 . 2012-05-23 16:12 -------- d-----w- C:\Data
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-31 13:22 . 2004-08-04 01:07 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-04-19 20:31 . 2012-04-19 20:32 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-19 20:31 . 2011-04-12 20:49 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-19 20:14 . 2012-04-04 17:19 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-19 20:14 . 2011-08-04 18:45 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-19 03:56 . 2012-04-19 03:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-19 03:56 . 2012-04-19 03:56 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-04-11 13:12 . 2004-08-04 01:07 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 13:10 . 2004-08-04 01:07 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 12:35 . 2004-08-03 22:59 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-04 22:56 . 2011-06-18 04:36 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-26 21:24 . 2012-05-07 21:12 892928 ----a-w- c:\windows\system32\iconv.dll
2012-03-26 21:24 . 2012-05-07 21:12 675840 ----a-w- c:\windows\system32\ac3filter.ax
2012-03-26 21:24 . 2012-05-07 21:12 496640 ----a-w- c:\windows\system32\xvid.ax
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn3\yt.dll" [2012-01-12 1517368]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" [2012-02-06 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\program files\Analog Devices\SoundMAX\Smtray.exe" [2002-06-27 90112]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-02-10 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-02-10 118784]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 88363]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-07-19 2567272]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-01-05 296056]
"USBToolTip"="c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Wondershare Helper Compact.exe"="c:\program files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2012-03-27 1686528]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WNA1100 Smart Wizard.lnk - c:\program files\NETGEAR\WNA1100\WNA1100.exe [2010-4-28 4562944]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=c:\windows\pss\Adobe Gamma.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-04-04 05:53 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-05-04 01:09 136176 ----atw- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-27 07:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-04-29 23:59 5248312 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mobile Connectivity Suite]
2009-11-20 00:19 598016 ----a-r- c:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-19 03:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2003-07-19 00:23 868352 ----a-w- c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
2003-05-02 01:44 65536 ----a-w- c:\program files\Common Files\Roxio Shared\System\EngUtil.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search Protection]
2009-02-03 13:15 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-01-05 01:46 296056 ----a-w- c:\program files\real\realplayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YMailAdvisor]
2009-05-08 10:53 174424 ----a-w- c:\program files\Yahoo!\Common\YMailAdvisor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
2009-02-03 13:15 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Easy Transfer 7\\migwiz.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\umi.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe"=
"c:\\Program Files\\Pinnacle\\Studio 15\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 15\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 15\\Programs\\umi.exe"=
"c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7000:TCP"= 7000:TCP:Windows Easy Transfer TCP port
"7000:UDP"= 7000:UDP:Windows Easy Transfer UDP port
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [4/12/2011 11:53 AM 263888]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [4/12/2011 11:53 AM 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [4/12/2011 11:53 AM 656320]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [4/12/2011 1:53 PM 51984]
R0 TFSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [4/12/2011 1:53 PM 69392]
S1 a2injectiondriver;a2injectiondriver;\??\j:\emsisoft anti-malware\a2dix86.sys --> j:\emsisoft anti-malware\a2dix86.sys [?]
S1 a2util;a-squared Malware-IDS utility driver;\??\j:\emsisoft anti-malware\a2util32.sys --> j:\emsisoft anti-malware\a2util32.sys [?]
S1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [9/18/2009 1:51 AM 13696]
S1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [4/12/2011 11:53 AM 251560]
S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [4/12/2011 11:52 AM 233976]
S1 SASDIFSV;SASDIFSV;\??\j:\superantispyware\SASDIFSV.SYS --> j:\superantispyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\j:\superantispyware\SASKUTIL.sys --> j:\superantispyware\SASKUTIL.sys [?]
S1 tdx;@%SystemRoot%\system32\tcpipcfg.dll,-50004;c:\windows\system32\DRIVERS\tdx.sys --> c:\windows\system32\DRIVERS\tdx.sys [?]
S2 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;"j:\emsisoft anti-malware\a2service.exe" --> j:\emsisoft anti-malware\a2service.exe [?]
S2 Browser Defender Update Service;Browser Defender Update Service;"j:\pc tools security\BDT\BDTUpdateService.exe" --> j:\pc tools security\BDT\BDTUpdateService.exe [?]
S2 iphlpsvc;@%SystemRoot%\system32\iphlpsvc.dll,-200;c:\windows\System32\svchost.exe -k NetSvcs [8/3/2004 6:07 PM 14336]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [4/17/2007 8:09 PM 11032]
S2 WSWNA1100;WSWNA1100;c:\program files\NETGEAR\WNA1100\WifiSvc.exe [4/28/2010 2:28 PM 278528]
S3 a2acc;a2acc;\??\j:\emsisoft anti-malware\a2accx86.sys --> j:\emsisoft anti-malware\a2accx86.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/4/2012 10:19 AM 253088]
S3 AR9271;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [4/28/2010 2:28 PM 1710944]
S3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys --> c:\windows\system32\DRIVERS\easytthr.sys [?]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [6/6/2010 6:34 PM 24576]
S3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\NETGEAR\WNA1100\jswpsapi.exe [4/28/2010 2:28 PM 360529]
S3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [4/28/2010 2:28 PM 57440]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [4/12/2011 11:50 AM 70536]
S3 SASENUM;SASENUM;\??\j:\superantispyware\SASENUM.SYS --> j:\superantispyware\SASENUM.SYS [?]
S3 sdAuxService;PC Tools Auxiliary Service;j:\pc tools security\pctsAuxs.exe --> j:\pc tools security\pctsAuxs.exe [?]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [4/12/2011 1:53 PM 33552]
S3 ThreatFire;ThreatFire;j:\pc tools security\TFEngine\TFService.exe service --> j:\pc tools security\TFEngine\TFService.exe service [?]
S3 USBNET_XP;Instant Wireless XP USB Network Adapter ver.2.6 Driver;c:\windows\system32\drivers\netusbxp.sys [4/30/2010 9:38 PM 72576]
S3 WinDefend;Windows Defender;c:\windows\System32\svchost.exe -k secsvcs [8/3/2004 6:07 PM 14336]
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 20:14]
.
2012-06-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1409082233-616249376-682003330-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-02-06 20:12]
.
2012-06-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-616249376-682003330-500Core1cc4ebf4e7285b0.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-04 01:09]
.
2012-06-17 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1409082233-616249376-682003330-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-30 00:02]
.
2012-06-13 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1409082233-616249376-682003330-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-30 00:02]
.
2012-06-17 c:\windows\Tasks\User_Feed_Synchronization-{5FF4B590-4B52-4FFC-8A85-9E7B56FB9B5F}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com/?fr=fp-tyc8
uInternet Settings,ProxyOverride = <local>;*.local
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{583E5F80-CF9A-447C-B554-0AA81DF3257A}: NameServer = 68.94.156.1,68.94.157.1
.
.
------- File Associations -------
.
regfile\shell\edit\command=%SystemRoot%\system32\NOTEPAD.EXE %1
.
.
**************************************************************************
.
disk not found C:\
.
please note that you need administrator rights to perform deep scan
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1409082233-616249376-682003330-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6e,d0,0e,8d,97,fc,39,43,92,5b,1b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ee,9f,19,46,55,cc,eb,43,bb,ab,2d,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ee,9f,19,46,55,cc,eb,43,bb,ab,2d,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Security Center\Monitoring\McAfeeFirewall]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Security Center\Monitoring\PandaAntiVirus]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Security Center\Monitoring\PandaFirewall]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Security Center\Monitoring\SophosAntiVirus]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Security Center\Monitoring\SymantecFirewall]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Security Center\Monitoring\TinyFirewall]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Security Center\Monitoring\TrendAntiVirus]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Security Center\Monitoring\TrendFirewall]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
@DACL=(02 0000)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(316)
c:\windows\system32\athgina.dll
.
Completion time: 2012-06-17 17:39:51
ComboFix-quarantined-files.txt 2012-06-18 00:39
ComboFix2.txt 2012-06-17 22:59
ComboFix3.txt 2012-06-17 05:46
ComboFix4.txt 2012-06-10 09:11
ComboFix5.txt 2012-06-17 23:57
.
Pre-Run: 18,589,818,880 bytes free
Post-Run: 18,599,714,816 bytes free
.
- - End Of File - - 148588A6D433712891B6095C3370887E



#2 m0le

  • Malware Response Team

Posted 20 June 2012 - 07:31 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
m0le is a proud member of UNITE

#3 m0le


Posted 25 June 2012 - 07:22 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.