anti virus Combofix


2 replies to this topic

#1 tilly63

  • Members
  • 2 posts

Posted 14 February 2013 - 12:53 PM

EDIT: topic moved to the proper forum:

Virus, Trojan, Spyware, and Malware Removal Logs ~~boopme

 

I had a problem with the Mash Buttons virus on my computer, causing it to have many popups, and it was getting slower by the day. I have Windows XP, and my son, who owns a computer business, told me about Combofix and said that would get rid of my problem. I ran this anti virus and Mash Buttons disappeared and my computer began running faster immediately. After a day and 1/2, I uninstalled Combofix according to directions. After that I got this error "NkMC2 encountered an improper argument" with an OK button... as there were no other options, I clicked OK. Now my computer seems to be slower again, and when I "reboot" I get the black screen with something about Windows XP and I cannot read it fast enough before it pops off and continues booting up. ???

 

Moderator edit: Moved to the more appropriate forum since Combofix had already been run.

Roger


Edited by boopme, 15 February 2013 - 05:01 PM.
Moved back to XP, no logs attached - Hamluis.




#2 rotor123

  • Moderator
  • 8,094 posts
  • Gender:Male
  • Location:New Jersey

Posted 14 February 2013 - 01:00 PM

Hi,

 

Since you have already run Combofix, I suggest you follow the directions from here:

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

 

You might as well post the Combofix log too, since it was run. It should be in C:\.

 

Also, for future reference, read this:

ComboFix usage, Questions, Help? - Look here

 

Good Luck

Roger


Edited by rotor123, 14 February 2013 - 01:06 PM.
Spelling and Grammar

Fortune Cookie says: Fortune not Found: Abort, Retry, Ignore?

Sent from my All-In-One Desktop. Perfect for Internet, Not for heavy usage or gaming however.

How Does a computer get Infected? http://www.bleepingcomputer.com/forums/t/2520/how-did-i-get-infected/
Forum Rules,    The BC Welcome Guide



#3 tilly63

  • Topic Starter

  • Members
  • 2 posts

Posted 15 February 2013 - 04:54 PM

Following is a copy of my report after running Combofix.

Tilly63


ComboFix 13-02-12.01 - Edie 02/12/2013  10:17:55.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2038.1321 [GMT -5:00]
Running from: c:\documents and settings\Edie\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Edie\Application Data\Gencontrol
c:\documents and settings\Edie\Application Data\PriceGong
c:\documents and settings\Edie\Application Data\PriceGong\Data\1.txt
c:\documents and settings\Edie\Application Data\PriceGong\Data\4489.txt
c:\documents and settings\Edie\Application Data\PriceGong\Data\450.txt
c:\documents and settings\Edie\Application Data\PriceGong\Data\a.txt
c:\documents and settings\Edie\Application Data\PriceGong\Data\b.txt
c:\documents and settings\Edie\Application Data\PriceGong\Data\c.txt
c:\documents and settings\Edie\Application Data\PriceGong\Data\d.txt
c:\documents and settings\Edie\Application Data\PriceGong\Data\e.txt
c:\documents and settings\Edie\Application Data\PriceGong\Data\f.txt
c:\documents and settings\Edie\Application Data\PriceGong\Data\g.txt
c:\documents and settings\Edie\Application Data\PriceGong\Data\h.txt
c:\documents and settings\Edie\Application Data\PriceGong\Data\i.txt
c:\documents and settings\Edie\Application Data\PriceGong\Data\j.txt
c:\documents and settings\Edie\Application Data\PriceGong\Data\k.txt
c:\documents and settings\Edie\Application Data\PriceGong\Data\l.txt
c:\documents and settings\Edie\Application Data\PriceGong\Data\m.txt
c:\documents and settings\Edie\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Edie\Application Data\PriceGong\Data\n.txt
c:\documents and settings\Edie\Application Data\PriceGong\Data\o.txt
c:\documents and settings\Edie\Application Data\PriceGong\Data\p.txt
c:\documents and settings\Edie\Application Data\PriceGong\Data\q.txt
c:\documents and settings\Edie\Application Data\PriceGong\Data\r.txt
c:\documents and settings\Edie\Application Data\PriceGong\Data\s.txt
c:\documents and settings\Edie\Application Data\PriceGong\Data\t.txt
c:\documents and settings\Edie\Application Data\PriceGong\Data\u.txt
c:\documents and settings\Edie\Application Data\PriceGong\Data\v.txt
c:\documents and settings\Edie\Application Data\PriceGong\Data\w.txt
c:\documents and settings\Edie\Application Data\PriceGong\Data\wlu.txt
c:\documents and settings\Edie\Application Data\PriceGong\Data\x.txt
c:\documents and settings\Edie\Application Data\PriceGong\Data\y.txt
c:\documents and settings\Edie\Application Data\PriceGong\Data\z.txt
c:\documents and settings\Edie\g2ax_customer_downloadhelper_win32_x86.exe
c:\program files\CouponAlert_2pEI
c:\program files\CouponAlert_2pEI\Installr\1.bin\2pEZSETP.dll
c:\program files\CouponAlert_2pEI\Installr\2.bin\2pEIPlug.dll
c:\program files\CouponAlert_2pEI\Installr\2.bin\2pEZSETP.dll
c:\program files\CouponAlert_2pEI\Installr\2.bin\NP2pEISb.dll
c:\program files\HeadlineAlley_29EI
c:\program files\HeadlineAlley_29EI\Installr\1.bin\29EIPlug.dll
c:\program files\HeadlineAlley_29EI\Installr\1.bin\29EZSETP.dll
c:\program files\HeadlineAlley_29EI\Installr\1.bin\NP29EISb.dll
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\_000008_.tmp.dll
c:\windows\system32\745917240.dat
c:\windows\system32\Cache
c:\windows\system32\SET104.tmp
c:\windows\system32\SET116.tmp
c:\windows\system32\SET11A.tmp
c:\windows\system32\SET11B.tmp
c:\windows\system32\SET11C.tmp
c:\windows\system32\SET19D.tmp
c:\windows\system32\SET1A0.tmp
c:\windows\system32\SET1AC.tmp
c:\windows\system32\SET1AE.tmp
c:\windows\system32\SET9C.tmp
c:\windows\system32\SET9F.tmp
c:\windows\system32\SETAA.tmp
c:\windows\system32\SETBB.tmp
c:\windows\system32\SETC6.tmp
c:\windows\system32\SETCA.tmp
c:\windows\system32\SETCE.tmp
c:\windows\system32\SETCF.tmp
c:\windows\system32\SETF8.tmp
c:\windows\system32\Thumbs.db
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\wiaservim.log
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_TP4SERVCISVC
-------\Service_tp4servCiSvc
.
.
(((((((((((((((((((((((((   Files Created from 2013-01-12 to 2013-02-12  )))))))))))))))))))))))))))))))
.
.
2013-02-12 02:33 . 2013-02-12 02:33 -------- d-----w- c:\documents and settings\Edie\Application Data\GetRightToGo
2013-02-10 00:22 . 2013-02-12 02:05 -------- d-----w- c:\documents and settings\Edie\Application Data\Skype
2013-02-10 00:22 . 2013-02-10 00:22 -------- d-----r- c:\program files\Skype
2013-02-10 00:22 . 2013-02-10 00:22 -------- d-----w- c:\program files\Common Files\Skype
2013-02-10 00:22 . 2013-02-10 00:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2013-01-31 21:02 . 2013-01-31 21:02 -------- d-----w- c:\documents and settings\Edie\Local Settings\Application Data\join.me
2013-01-29 00:29 . 2013-01-29 00:29 -------- d-----w- c:\documents and settings\Edie\Local Settings\Application Data\AVG SafeGuard toolbar
2013-01-29 00:29 . 2013-01-29 00:43 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG SafeGuard toolbar
2013-01-29 00:28 . 2013-01-29 00:28 -------- d-----w- c:\documents and settings\Edie\Application Data\AVG SafeGuard toolbar
2013-01-29 00:28 . 2013-02-11 02:46 33112 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-01-29 00:28 . 2013-01-29 00:28 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2013-01-29 00:28 . 2013-02-11 02:46 -------- d-----w- c:\program files\AVG SafeGuard toolbar
2013-01-29 00:10 . 2013-01-29 00:10 -------- d-----w- c:\documents and settings\LocalService\Application Data\TightVNC
2013-01-29 00:09 . 2013-01-29 00:11 -------- d-----w- c:\documents and settings\Edie\Local Settings\Application Data\CrossLoop
2013-01-28 23:43 . 2013-01-28 23:45 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG January 2013 Campaign
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-10 01:19 . 2012-05-12 13:13 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-10 01:19 . 2012-01-02 13:44 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-16 12:23 . 2006-04-30 06:55 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-14 21:49 . 2012-10-18 13:42 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-16 04:33 . 2010-09-07 07:48 94048 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2013-02-11 02:46 1920688 ----a-w- c:\program files\AVG SafeGuard toolbar\14.1.0.10\AVG SafeGuard toolbar_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG SafeGuard toolbar\14.1.0.10\AVG SafeGuard toolbar_toolbar.dll" [2013-02-11 1920688]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG SafeGuard toolbar.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG SafeGuard toolbar.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Edie\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Edie\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Edie\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Edie\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EmbMachineComms.exe"="c:\4dembroidery\EmbMachineComms.exe" [2008-04-10 96768]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2012-08-28 247768]
"HP Photosmart 5510d series (NET)"="c:\program files\HP\HP Photosmart 5510d series\Bin\ScanToPCActivationApp.exe" [2011-08-16 1804648]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-01-08 18708224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-03-24 49208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"Nikon Message Center 2"="c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe" [2011-10-30 571392]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2012-09-28 298376]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-11-03 296096]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-11-29 151952]
"vProt"="c:\program files\AVG SafeGuard toolbar\vprot.exe" [2013-02-11 1124016]
.
c:\documents and settings\Edie\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Edie\Application Data\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ    autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Edie^Start Menu^Programs^Startup^Monitor Ink Alerts - HP Photosmart 5510d series (Network).lnk]
path=c:\documents and settings\Edie\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 5510d series (Network).lnk
backup=c:\windows\pss\Monitor Ink Alerts - HP Photosmart 5510d series (Network).lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-11-28 19:13 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-11-29 05:49 151952 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 21:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 18:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-11-03 10:15 296096 ----a-w- c:\program files\real\realplayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-19 03:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\Edie\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"=
"c:\\Program Files\\LeapFrog\\LeapFrog Connect\\LeapFrogConnect.exe"=
"c:\\Program Files\\Easy Media Player\\emp.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Edie\\Local Settings\\Application Data\\CrossLoop\\vncviewer.exe"=
"c:\\Documents and Settings\\Edie\\Local Settings\\Application Data\\CrossLoop\\tvnserver.exe"=
"c:\\Documents and Settings\\Edie\\Local Settings\\Application Data\\CrossLoop\\CrossLoopConnect.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1947:TCP"= 1947:TCP:HASP SRM
"1947:UDP"= 1947:UDP:HASP SRM
"5910:TCP"= 5910:TCP:vnc5910
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 3:50 AM 55776]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [8/9/2012 12:56 PM 177376]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 2:48 AM 35552]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 12:32 PM 179936]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 12:32 PM 19936]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [9/7/2010 2:48 AM 159712]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [9/7/2010 2:49 AM 164832]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [1/28/2013 7:28 PM 33112]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [11/15/2012 11:34 PM 5814904]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [10/22/2012 1:05 PM 196664]
R2 CrossLoopService;CrossLoop Service;c:\documents and settings\Edie\Local Settings\Application Data\CrossLoop\CrossLoopService.exe [1/28/2013 7:09 PM 569072]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe  -run --> c:\windows\system32\hasplms.exe  -run [?]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [10/18/2012 8:42 AM 398184]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/18/2012 8:42 AM 682344]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [10/20/2009 1:19 PM 50704]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [1/31/2013 10:38 AM 3289208]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [8/28/2012 7:41 AM 92632]
R2 vToolbarUpdater14.1.7;vToolbarUpdater14.1.7;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\14.1.7\ToolbarUpdater.exe [2/10/2013 9:46 PM 965296]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/18/2012 8:42 AM 21104]
R3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [5/10/2007 11:34 AM 22568]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [5/22/2007 6:59 PM 30336]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [1/8/2013 2:41 PM 161536]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [5/7/2011 11:48 AM 1025352]
S3 cmusbser;%CMUSBSER%;c:\windows\system32\drivers\cmusbser.sys [5/1/2009 5:17 PM 87040]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [6/13/2011 9:09 PM 267568]
S3 tp4serv;tp4serv;c:\program files\Lenovo\TrackPoint\tp4servinst.exe [11/8/2007 12:56 PM 35616]
S3 tvnserver;TightVNC Server;c:\documents and settings\Edie\Local Settings\Application Data\CrossLoop\tvnserver.exe [1/28/2013 7:09 PM 814080]
S3 VsmRWDriver;VSM Reader/Writer Type A USB Driver service;c:\windows\system32\drivers\VsmRWDriver.sys [8/4/2012 6:48 PM 7808]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ    HPSLPSVC
hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-06 14:40 1607120 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-12 01:19]
.
2012-12-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 17:34]
.
2013-02-12 c:\windows\Tasks\At1.job
- c:\program files\HP\HP Photosmart 5510d series\Bin\HPCustPartic.exe [2011-08-16 17:57]
.
2013-02-12 c:\windows\Tasks\At2.job
- c:\program files\HP\HP Photosmart 5510d series\Bin\HPCustPartic.exe [2011-08-16 17:57]
.
2013-02-11 c:\windows\Tasks\At3.job
- c:\program files\HP\HP Photosmart 5510d series\Bin\HPCustPartic.exe [2011-08-16 17:57]
.
2013-02-11 c:\windows\Tasks\At4.job
- c:\program files\HP\HP Photosmart 5510d series\Bin\HPCustPartic.exe [2011-08-16 17:57]
.
2013-02-12 c:\windows\Tasks\ConfigExec.job
- c:\program files\Microsoft Fix it Center\MatsApi.dll [2011-06-14 02:09]
.
2013-02-12 c:\windows\Tasks\DataUpload.job
- c:\program files\Microsoft Fix it Center\MatsApi.dll [2011-06-14 02:09]
.
2013-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-05 17:35]
.
2013-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-05 17:35]
.
2013-02-12 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\documents and settings\All Users\Application Data\HP Photo Creations\Communicator.exe [2012-07-21 17:38]
.
2013-02-12 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2535724065-126398225-3965441921-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 18:27]
.
2013-02-12 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2535724065-126398225-3965441921-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 18:27]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: brandmuscle.net
Trusted Zone: redcross.org
Trusted Zone: redcross.org\casemanagement.dstip
TCP: DhcpNameServer = 72.11.0.21 72.11.31.21
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\14.1.7\ViProtocol.dll
DPF: {3DC87637-DE84-4C2C-A75F-7F5398F15670} - hxxps://crossnet.redcross.org/register/CAS/SiebelAx_HI_Client.cab
DPF: {4ECE056F-E50F-4F9D-B069-EB342D21F26A} - hxxp://www2.snapfish.com/SnapfishActivia3.cab
DPF: {B2DCBF69-EF93-4252-BBC7-BD870EBD9EDE} - hxxps://casemanagement.dstip.redcross.org/service/18372/applets/SiebelAx_HI_Client.cab
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
MSConfigStartUp-ROC_roc_dec12 - c:\program files\AVG Secure Search\ROC_roc_dec12.exe
MSConfigStartUp-ROC_ROC_JULY_P1 - c:\program files\AVG Secure Search\ROC_ROC_JULY_P1.exe
MSConfigStartUp-ROC_ROC_NT - c:\program files\AVG Secure Search\ROC_ROC_NT.exe
MSConfigStartUp-vProt - c:\program files\AVG Secure Search\vprot.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-12 10:28
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3252)
c:\windows\system32\WININET.dll
c:\documents and settings\Edie\Application Data\Dropbox\bin\DropboxExt.17.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\hasplms.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2013-02-12  10:35:43 - machine was rebooted
ComboFix-quarantined-files.txt  2013-02-12 15:35
.
Pre-Run: 27,270,098,944 bytes free
Post-Run: 28,533,395,456 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 3BA10EA0B61F08C9FF73E8B49A73307D