
Due to trojans Combofix can't even start.



#1 jbradvi9 (Members, 140 posts)
Posted 24 November 2012 - 07:29 PM

I have a problem with a trojan infection, but before, I could start Combofix and the application passed through all its stages and removed some files, so the PC became more responsive. Now the new infection is so intense that the Combofix window disappears just after backing up the registry has finished.

#2 boopme (Global Moderator, 73,490 posts)
Posted 24 November 2012 - 08:37 PM

Note the blue text above your post..."ComboFix is a tool that should only be run under the supervision of someone who has been trained in its use. Using it on your own can cause problems with your computer."

Do you still have the 1st run ComboFix log?

#3 jbradvi9 (Topic Starter)

Posted 25 November 2012 - 10:41 AM

The first log file: ComboFix2.txt



ComboFix 12-09-27.03 - Administrator 27.09.2012 20:19:25.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.385.1033.18.502.232 [GMT 2:00]
Running from: c:\documents and settings\Administrator\Desktop\abc.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Lavasoft Ad-Aware *Disabled/Updated* {964FCE60-0B18-4D30-ADD6-EB178909041C}
FW: Lavasoft Ad-Aware *Disabled* {FF1CD5B7-1553-4625-A258-1775385CED33}
.
.
((((((((((((((((((((((((( Files Created from 2012-08-27 to 2012-09-27 )))))))))))))))))))))))))))))))
.
.
2012-09-27 12:25 . 2012-06-22 09:39 70768 ----a-w- c:\windows\system32\drivers\PCTBD.sys
2012-09-27 12:25 . 2012-06-22 09:39 149464 ----a-w- c:\windows\SGDetectionTool.dll
2012-09-27 12:25 . 2012-06-22 09:39 2267096 ----a-w- c:\windows\PCTBDCore.dll
2012-09-27 12:25 . 2012-06-22 09:39 1689560 ----a-w- c:\windows\PCTBDRes.dll
2012-09-27 12:25 . 2012-06-22 09:38 767960 ----a-w- c:\windows\BDTSupport.dll
2012-09-27 12:21 . 2012-06-22 13:29 254944 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2012-09-27 12:20 . 2012-06-22 13:33 17880 ----a-w- c:\windows\system32\drivers\pctBTFix.sys
2012-09-27 12:20 . 2012-06-22 13:35 70568 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2012-09-27 12:20 . 2012-09-27 12:20 -------- d-----w- c:\program files\PC Tools
2012-09-27 11:58 . 2012-02-28 09:43 909728 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2012-09-27 11:58 . 2012-02-28 09:43 342168 ----a-w- c:\windows\system32\drivers\pctDS.sys
2012-09-27 11:58 . 2012-04-23 10:36 383368 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2012-09-27 11:58 . 2012-04-23 10:36 162584 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2012-09-27 11:58 . 2012-09-27 12:20 -------- d-----w- c:\program files\Common Files\PC Tools
2012-09-27 11:58 . 2012-06-22 13:34 203120 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-09-27 11:57 . 2012-09-27 12:20 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2012-09-27 11:57 . 2012-09-27 11:57 -------- d-----w- c:\documents and settings\Administrator\Application Data\TestApp
2012-09-27 10:18 . 2012-09-27 10:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Ad-Aware Antivirus
2012-09-25 11:36 . 2012-09-25 11:36 -------- d-----w- C:\$WIN_NT$.~LS
2012-09-21 01:24 . 2012-09-21 01:24 -------- d-----w- c:\documents and settings\LocalService\Application Data\Ad-Aware Antivirus
2012-09-21 01:17 . 2012-09-24 16:14 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\adaware
2012-09-21 01:16 . 2011-11-29 04:59 77816 ----a-w- c:\windows\system32\drivers\sbapifs.sys
2012-09-21 01:16 . 2011-11-29 04:59 21240 ----a-w- c:\windows\system32\drivers\sbaphd.sys
2012-09-21 01:16 . 2012-09-21 01:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2012-09-21 01:16 . 2012-09-24 16:12 -------- d-----w- c:\program files\Ad-Aware Antivirus
2012-09-21 01:16 . 2012-09-21 01:16 -------- d-----w- c:\windows\system32\drivers\VDD
2012-09-21 01:15 . 2012-09-21 01:15 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Downloaded Installations
2012-09-21 01:12 . 2012-09-21 01:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection
2012-09-21 01:12 . 2012-09-21 01:12 -------- d-----w- c:\program files\Toolbar Cleaner
2012-09-21 01:12 . 2012-09-27 15:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\adawaretb
2012-09-21 01:12 . 2012-09-21 01:12 -------- d-----w- c:\program files\adawaretb
2012-09-21 01:08 . 2012-09-24 16:20 -------- d-----w- c:\documents and settings\Administrator\Application Data\Ad-Aware Antivirus
2012-09-19 03:45 . 2012-09-19 03:46 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-09-19 01:59 . 2012-08-21 09:13 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-09-19 01:59 . 2012-08-21 09:13 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-09-19 01:59 . 2012-08-21 09:13 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-09-19 01:59 . 2012-08-21 09:13 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-09-19 01:59 . 2012-08-21 09:13 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-09-19 01:59 . 2012-08-21 09:13 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-09-19 01:59 . 2012-08-21 09:13 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-09-19 01:59 . 2012-08-21 09:13 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-09-19 01:58 . 2012-08-21 09:12 41224 ----a-w- c:\windows\avastSS.scr
2012-09-19 01:58 . 2012-08-21 09:12 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-09-19 01:57 . 2012-09-19 01:57 -------- d-----w- c:\program files\AVAST Software
2012-09-19 01:57 . 2012-09-19 01:57 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2012-09-18 00:49 . 2012-09-18 00:49 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\flamerobin
2012-09-18 00:49 . 2012-09-18 00:49 -------- d-----w- c:\program files\FlameRobin
2012-09-18 00:48 . 2009-07-22 15:46 450560 ----a-w- c:\windows\system32\GDS32.DLL
2012-09-18 00:48 . 2009-07-22 15:59 462848 ----a-w- c:\windows\system32\Firebird2Control.cpl
2012-09-18 00:48 . 2012-09-18 00:48 -------- d-----w- c:\program files\Firebird
2012-09-18 00:46 . 2012-09-18 00:49 -------- d-----w- c:\program files\TCASH4
2012-09-17 07:23 . 2012-09-17 22:13 -------- d-----w- c:\documents and settings\All Users\Application Data\RegRun
2012-09-17 07:23 . 2012-09-17 07:23 39184 ----a-w- c:\windows\system32\Partizan.exe
2012-09-17 07:23 . 2012-09-17 07:23 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys
2012-09-17 07:23 . 2012-09-17 07:23 2 --shatr- c:\windows\winstart.bat
2012-09-17 07:23 . 2012-09-10 10:59 12800 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
2012-09-17 07:23 . 2012-09-17 07:25 -------- d-----w- c:\program files\UnHackMe
2012-09-17 07:02 . 2012-09-17 07:03 -------- d-----w- c:\program files\Resource Hacker
2012-09-14 23:51 . 2012-09-14 23:51 -------- d-----w- C:\$WINDOWS.~BT
2012-09-06 20:41 . 2012-09-06 20:41 -------- d-----w- c:\program files\Common Files\xing shared
2012-09-06 20:40 . 2012-09-06 20:41 -------- d-----w- c:\program files\Real
2012-09-03 13:57 . 2012-09-03 13:57 -------- d-----w- c:\program files\ID Security Suite
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-21 06:30 . 2012-05-17 08:23 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-21 06:30 . 2012-05-17 08:23 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-21 06:28 . 2012-07-24 22:27 9573296 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-09-06 23:14 . 2012-05-17 08:11 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-09-06 23:14 . 2003-03-18 18:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-08-28 15:14 . 2007-09-03 15:57 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14 . 2004-08-04 01:07 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2007-09-03 15:57 385024 ----a-w- c:\windows\system32\html.iec
2012-07-09 03:14 . 2012-05-24 23:09 164880 ---ha-w- c:\documents and settings\Administrator\Application Data\Microsoft\Virtual PC\VPCKeyboard.dll
2012-07-04 14:05 . 2012-05-17 07:55 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 13:40 . 2007-09-03 15:56 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-09-06 01:26 . 2012-09-19 03:45 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2012-04-11 20:08 87440 ----a-w- c:\program files\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files\adawaretb\adawareDx.dll" [2012-04-11 87440]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Wisdom-soft AutoScreenRecorder 3.1 Pro"="0" [X]
"SpeedBitVideoAccelerator"="c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe" [2012-05-28 1494216]
"Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2012-06-17 466704]
"BitTorrent"="c:\program files\BitTorrent\BitTorrent.exe" [2012-05-19 6379928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2012-04-19 336952]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-12-04 665424]
"D-Link AirPlus G"="c:\program files\D-Link\AirPlus G\AirGCFG.exe" [2005-11-23 1544192]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2005-10-19 49152]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-10-29 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-10-29 86016]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-10-29 81920]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"IPHider"="c:\program files\IP Hider\IP Hider.exe" [2009-01-06 1351680]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-09-06 296096]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
"Ad-Aware Browsing Protection"="c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
On-Screen Keyboard.lnk - c:\windows\system32\osk.exe [2007-9-3 215552]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
MimioStudio.lnk - c:\program files\mimio\MimioStudio\mimiosys.exe [2012-3-19 576104]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Audiosrv]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HDAudBus]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdAuxService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdCoreService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318}]
@="[6cFgE][Ş?u?đ, ?i?eô ??? ga?e cő?ťř?l?e?š !!! !!! !]"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{640167b4-59b0-47a6-b335-a6b3c0695aea}]
@="Portable Media Devices"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"VMware NAT Service"=2 (0x2)
"VMUSBArbService"=2 (0x2)
"VMnetDHCP"=2 (0x2)
"VMAuthdService"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"c:\\Program Files\\VMware\\VMware Player\\vmware-authd.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\Program Files\\adawaretb\\dtUser.exe"=
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [27.9.2012 13:58 383368]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [27.9.2012 13:58 342168]
R0 vmci;VMware VMCI Bus Driver;c:\windows\system32\drivers\vmci.sys [8.8.2011 14:58 98928]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [19.9.2012 3:59 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [19.9.2012 3:59 355632]
R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [27.9.2012 13:58 203120]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [21.9.2012 3:16 21240]
R2 Ad-Aware Service;Ad-Aware Service;c:\program files\Ad-Aware Antivirus\AdAwareService.exe [12.7.2012 18:32 1239952]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [19.9.2012 3:59 21256]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbguard.exe [18.9.2012 2:48 81920]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [21.9.2012 3:16 77816]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [29.8.2011 23:11 665200]
R3 appliandMP;appliandMP;c:\windows\system32\drivers\appliand.sys [30.5.2012 23:48 28256]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbserver.exe [18.9.2012 2:48 2736128]
S0 SMR300;Symantec SMR Utility Service 3.0.0;c:\windows\system32\drivers\SMR300.SYS --> c:\windows\system32\drivers\SMR300.SYS [?]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [26.10.2011 14:23 101112]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [27.9.2012 14:25 575448]
S2 SBAMSvc;Ad-Aware;c:\program files\Ad-Aware Antivirus\SBAMSvc.exe [19.12.2011 13:20 3289032]
S2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm --> c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [17.5.2012 10:23 250288]
S3 AIDA32Driver;AIDA32Driver;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\aida32.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\aida32.sys [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [18.5.2012 23:49 1691480]
S3 appliand;Applian Network Service;c:\windows\system32\drivers\appliand.sys [30.5.2012 23:48 28256]
S3 DarkSpy;DarkSpy;\??\c:\windows\system32\DarkSpyKernel.sys --> c:\windows\system32\DarkSpyKernel.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [19.9.2012 5:45 114144]
S3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\drivers\PCTBD.sys [27.9.2012 14:25 70768]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools\PC Tools Security\pctsAuxs.exe [27.9.2012 14:20 402368]
S3 WinDefend;Windows Defender;c:\windows\System32\svchost.exe -k secsvcs [4.8.2004 3:07 14336]
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-24 c:\windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
- c:\progra~1\AD-AWA~1\AdAwareLauncher.exe [2012-07-12 16:32]
.
2012-09-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-17 06:30]
.
2012-09-26 c:\windows\Tasks\AdobeAAMUpdater-1.0-KORISNIK-PC-Administrator.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-05-24 15:42]
.
2012-09-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2012-09-27 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-09-19 09:12]
.
2012-05-17 c:\windows\Tasks\ESET SmartSecurity 4 - licenca.job
- c:\program files\ESET\ESET SmartSecurity 4 - licenca.bat [2012-05-17 07:22]
.
2012-09-27 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1454471165-2146992855-839522115-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 12:27]
.
2012-09-27 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1454471165-2146992855-839522115-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 12:27]
.
2012-08-25 c:\windows\Tasks\tonegenShakeIcon.job
- c:\program files\NCH Software\ToneGen\tonegen.exe [2012-07-05 13:03]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.hr/
uInternet Settings,ProxyOverride = local
uInternet Settings,ProxyServer = 127.0.0.1:8080
IE: I&zvoz u Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{09E90109-A9AA-4980-BCEF-76F8D924E902}
LSP: c:\program files\SpeedBit Video Accelerator\SBLSP.dll
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
LSP: %SystemRoot%\system32\vsocklib.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qxa048yu.default\
FF - prefs.js: browser.startup.homepage - www.google.hr
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-27 20:34
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1454471165-2146992855-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,05,c3,00,e4,9f,e4,a1,45,a5,ec,ad,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,05,c3,00,e4,9f,e4,a1,45,a5,ec,ad,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,05,c3,00,e4,9f,e4,a1,45,a5,ec,ad,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(180)
c:\program files\SpeedBit Video Accelerator\SBLSP.dll
c:\program files\SpeedBit Video Accelerator\ConfigDB.dll
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
- - - - - - - > 'explorer.exe'(1132)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
Completion time: 2012-09-27 20:37:04
ComboFix-quarantined-files.txt 2012-09-27 18:37
ComboFix2.txt 2012-09-27 16:18
ComboFix3.txt 2012-06-15 13:06
ComboFix4.txt 2012-06-14 14:28
.
Pre-Run: 77.860.909.056 bytes free
Post-Run: 78.355.243.008 bytes free
.
- - End Of File - - 8B3F1805616DD714342EBE5EB1E5A223

Edited by jbradvi9, 25 November 2012 - 10:44 AM.


#4 jbradvi9 (Topic Starter)

Posted 25 November 2012 - 10:51 AM

And the last one before the runtime problem appeared:

ComboFix 12-06-14.01 - Administrator 14.06.2012 16:10:45.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.385.1033.18.502.195 [GMT 2:00]
Running from: c:\documents and settings\Administrator\My Documents\Preuzimanja\Corix.exe
AV: ESET Smart Security 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Osobni firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Application Data\Microsoft\~DFK7ecbf.tmp
c:\documents and settings\Administrator\Application Data\Microsoft\1eaadjc.dll
c:\documents and settings\Administrator\Application Data\Microsoft\bass.dll
c:\documents and settings\Administrator\Application Data\Microsoft\kfgresk.dll
c:\documents and settings\Administrator\Application Data\Microsoft\mjcriu.dll
c:\documents and settings\Administrator\Application Data\Microsoft\peaadje.dll
c:\documents and settings\Administrator\Application Data\Microsoft\qwadjb.dll
c:\documents and settings\Administrator\Application Data\Microsoft\rsaadjd.dll
c:\documents and settings\Administrator\Application Data\PriceGong
c:\documents and settings\All Users\Application Data\TEMP
c:\program files\Mozilla Maintenance Service
c:\program files\Mozilla Maintenance Service\maintenanceservice.exe
c:\program files\Mozilla Maintenance Service\Uninstall.exe
c:\program files\Mozilla Maintenance Service\updater.ini
c:\windows\system32\_000008_.tmp.dll
c:\windows\system32\_000012_.tmp.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_MozillaMaintenance
-------\Service_MozillaMaintenance
.
.
((((((((((((((((((((((((( Files Created from 2012-05-14 to 2012-06-14 )))))))))))))))))))))))))))))))
.
.
2012-06-13 13:41 . 2012-06-13 13:44 -------- d-----w- C:\MGtools
2012-06-07 05:13 . 2012-05-21 14:30 643192 ----a-w- C:\autoruns.exe
2012-05-31 14:35 . 2012-05-31 14:35 -------- d-----r- C:\Sandbox
2012-05-31 13:39 . 2012-05-31 13:39 -------- d-----w- C:\Casino
2012-05-23 16:52 . 2012-05-23 17:21 -------- d-----w- C:\Mp3 Output
2012-05-23 01:35 . 2012-05-27 23:55 -------- d-----w- C:\BywifiShare
2012-05-22 01:33 . 2012-05-22 01:33 -------- d-----w- C:\found.000
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-13 13:44 . 2012-06-13 13:41 184217 ----a-w- C:\MGlogs.zip
2012-04-30 19:05 . 2012-04-30 19:05 55664 ----a-w- c:\windows\system32\drivers\vmx86.sys
2012-04-30 19:04 . 2012-04-30 19:04 23792 ----a-w- c:\windows\system32\drivers\vmparport.sys
2012-04-30 19:03 . 2012-04-30 19:03 55408 ----a-w- c:\windows\system32\vmnetbridge.dll
2012-04-30 19:03 . 2012-04-30 19:03 33776 ----a-w- c:\windows\system32\drivers\vmnetbridge.sys
2012-04-30 16:26 . 2012-04-30 16:26 252016 ----a-w- c:\windows\system32\vmnc.dll
2012-04-30 15:22 . 2012-04-30 15:22 49776 ----a-w- c:\windows\system32\vnetinst.dll
2012-04-30 15:22 . 2012-04-30 15:22 19568 ----a-w- c:\windows\system32\drivers\vmnet.sys
2012-04-30 15:22 . 2012-04-30 15:22 16624 ----a-w- c:\windows\system32\drivers\vmnetadapter.sys
2012-04-22 20:14 . 2012-04-22 20:14 3515392 ----a-w- c:\windows\system32\ffdshow.ax
2012-04-22 20:12 . 2012-04-22 20:12 4424704 ----a-w- c:\windows\system32\ffmpeg.dll
2012-04-19 03:57 . 2012-04-19 03:57 113072 ----a-w- c:\windows\system32\drivers\scdemu.sys
2012-04-18 18:56 . 2012-04-18 18:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-18 18:56 . 2012-04-18 18:56 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-04-11 13:12 . 2007-09-03 15:56 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-08 23:40 . 2012-04-08 23:40 79360 ----a-w- c:\windows\system32\ff_vfw.dll
2012-04-08 23:39 . 2012-04-08 23:39 260608 ----a-w- c:\windows\system32\TomsMoComp_ff.dll
2012-04-08 23:39 . 2012-04-08 23:39 99840 ----a-w- c:\windows\system32\ff_wmv9.dll
2012-04-08 23:39 . 2012-04-08 23:39 158720 ----a-w- c:\windows\system32\ff_unrar.dll
2012-04-08 23:39 . 2012-04-08 23:39 1525248 ----a-w- c:\windows\system32\ff_samplerate.dll
2012-04-08 23:39 . 2012-04-08 23:39 146944 ----a-w- c:\windows\system32\ff_libmad.dll
2012-04-08 23:39 . 2012-04-08 23:39 212480 ----a-w- c:\windows\system32\ff_libdts.dll
2012-04-08 23:39 . 2012-04-08 23:39 115200 ----a-w- c:\windows\system32\ff_liba52.dll
2012-04-08 23:39 . 2012-04-08 23:39 328704 ----a-w- c:\windows\system32\ff_libfaad2.dll
2012-03-29 14:21 . 2012-03-29 14:21 606720 ----a-w- c:\windows\system32\LAVVideo.ax
2012-03-29 14:21 . 2012-03-29 14:21 462848 ----a-w- c:\windows\system32\LAVSplitter.ax
2012-03-29 14:21 . 2012-03-29 14:21 217600 ----a-w- c:\windows\system32\LAVAudio.ax
2012-03-29 14:21 . 2012-03-29 14:21 172032 ----a-w- c:\windows\system32\libbluray.dll
2012-03-29 14:21 . 2012-03-29 14:21 6582226 ----a-w- c:\windows\system32\avcodec-lav-54.dll
2012-03-29 14:21 . 2012-03-29 14:21 374152 ----a-w- c:\windows\system32\swscale-lav-2.dll
2012-03-29 14:21 . 2012-03-29 14:21 207872 ----a-w- c:\windows\system32\avutil-lav-51.dll
2012-03-29 14:21 . 2012-03-29 14:21 144523 ----a-w- c:\windows\system32\avfilter-lav-2.dll
2012-03-29 14:21 . 2012-03-29 14:21 1152365 ----a-w- c:\windows\system32\avformat-lav-54.dll
2012-03-27 15:08 . 2012-03-27 15:08 267264 ----a-w- c:\windows\system32\IntelQuickSyncDecoder.dll
2012-06-07 05:31 . 2012-05-17 09:43 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Wisdom-soft AutoScreenRecorder 3.1 Pro"="0" [X]
"AshSnap"="c:\program files\Ashampoo\Ashampoo Snap 5\ashsnap.exe" [2012-04-27 3404144]
"SpeedBitVideoAccelerator"="c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe" [2012-05-28 1494216]
"Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-01-21 2219184]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2012-04-19 336952]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-12-04 665424]
"D-Link AirPlus G"="c:\program files\D-Link\AirPlus G\AirGCFG.exe" [2005-11-23 1544192]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2005-10-19 49152]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-10-29 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-10-29 86016]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-10-29 81920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
On-Screen Keyboard.lnk - c:\windows\system32\osk.exe [2007-9-3 215552]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
MimioStudio.lnk - c:\program files\mimio\MimioStudio\mimiosys.exe [2012-3-19 576104]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Audiosrv]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HDAudBus]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318}]
@="[6cFgE][Ş?u?đ, ?i?e ??? ga?e cő?ťř?l?e? !!! !!! !]"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{640167b4-59b0-47a6-b335-a6b3c0695aea}]
@="Portable Media Devices"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"VMware NAT Service"=2 (0x2)
"VMUSBArbService"=2 (0x2)
"VMnetDHCP"=2 (0x2)
"VMAuthdService"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"c:\\Program Files\\VMware\\VMware Player\\vmware-authd.exe"=
.
R0 vmci;VMware VMCI Bus Driver;c:\windows\system32\drivers\vmci.sys [8.8.2011 14:58 98928]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [21.12.2010 15:04 115008]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [21.1.2011 9:57 810144]
R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm --> c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm [?]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [29.8.2011 23:11 665200]
R3 appliandMP;appliandMP;c:\windows\system32\drivers\appliand.sys [30.5.2012 23:48 28256]
R3 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [26.5.2012 1:33 4096]
S1 tdx;@%SystemRoot%\system32\tcpipcfg.dll,-50004;c:\windows\system32\DRIVERS\tdx.sys --> c:\windows\system32\DRIVERS\tdx.sys [?]
S2 iphlpsvc;@%SystemRoot%\system32\iphlpsvc.dll,-200;c:\windows\System32\svchost.exe -k NetSvcs [4.8.2004 3:07 14336]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [17.5.2012 10:23 257696]
S3 AIDA32Driver;AIDA32Driver;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\aida32.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\aida32.sys [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [18.5.2012 23:49 1691480]
S3 appliand;Applian Network Service;c:\windows\system32\drivers\appliand.sys [30.5.2012 23:48 28256]
S3 KProcessHacker2;KProcessHacker2;c:\program files\Process Hacker 2\kprocesshacker.sys [13.6.2012 19:00 33352]
S3 WinDefend;Windows Defender;c:\windows\System32\svchost.exe -k secsvcs [4.8.2004 3:07 14336]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - IPHLPSVC
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-17 08:29]
.
2012-06-13 c:\windows\Tasks\AdobeAAMUpdater-1.0-KORISNIK-PC-Administrator.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-05-24 15:42]
.
2012-05-17 c:\windows\Tasks\ESET SmartSecurity 4 - licenca.job
- c:\program files\ESET\ESET SmartSecurity 4 - licenca.bat [2012-05-17 07:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.hr/
uInternet Settings,ProxyOverride = local
IE: I&zvoz u Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{09E90109-A9AA-4980-BCEF-76F8D924E902}
LSP: c:\program files\SpeedBit Video Accelerator\SBLSP.dll
LSP: %SystemRoot%\system32\vsocklib.dll
TCP: Interfaces\{56818EAF-CC59-4A59-BEFC-C482A7BC6113}: NameServer = 195.29.149.196,195.29.149.197
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\nqlph8x5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.hr/
FF - prefs.js: network.proxy.type - 2
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-AnyCaptureScreen - (no file)
HKLM-Run-TNOD UP - c:\program files\TNod User & Password Finder\TNODUP.exe
SafeBoot-drmkaud
SafeBoot-AudioEndpointBuilder
SafeBoot-HdAudAddService
SafeBoot-MMCSS
AddRemove-Freecorder5.11 - c:\program files\Freecorder\uninstall.exe
AddRemove-HDMI - c:\windows\system32\igxpun.exe
AddRemove-MozillaMaintenanceService - c:\program files\Mozilla Maintenance Service\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-14 16:23
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1454471165-2146992855-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,05,c3,00,e4,9f,e4,a1,45,a5,ec,ad,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,05,c3,00,e4,9f,e4,a1,45,a5,ec,ad,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,05,c3,00,e4,9f,e4,a1,45,a5,ec,ad,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(872)
c:\program files\SpeedBit Video Accelerator\SBLSP.dll
c:\program files\SpeedBit Video Accelerator\ConfigDB.dll
.
- - - - - - - > 'explorer.exe'(3196)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\wpdshserviceobj.dll
c:\program files\Microsoft Virtual PC\VPCShExH.DLL
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\MSSWCHX.EXE
c:\windows\system32\vmnat.exe
c:\program files\VMware\VMware Player\vmware-authd.exe
c:\windows\system32\vmnetdhcp.exe
c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe
.
**************************************************************************
.
Completion time: 2012-06-14 16:28:22 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-14 14:28
.
Pre-Run: 127.392.423.936 bytes free
Post-Run: 128.876.756.992 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - E6E7060FB544B9C584F5118F306E32B7

#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:05:12 AM

Posted 25 November 2012 - 05:04 PM

Hi, I wanted to know if you had them, but they need to be posted here: Virus, Trojan, Spyware, and Malware Removal Logs, with your first post info.



