Hi Katana,
About the antivirus: the one that I'm supposed to use is Avast, but actually I don't know if I'm really protected. The Trend Micro one is expired; I don't know if I have more than those antivirus programs.
The problems that I have are login time (it's taking a long time to log in); also I have many pop-ups. When I try to open Explorer a window appears saying "This add-on was blocked. It must be updated with Internet Explorer 7"... I did it, but every time I try to open it the same message shows. Also there are 3 temp files (TEMP.ISABELA.001, TEMP.ISABELA.002, TEMP.ISABELA.003) in my Documents folder that I just can't remove, and of course the performance of the PC is slow.
Here is the ComboFix log:
ComboFix 08-11-12.01 - ANGIE SALAZAR HONORE 2008-11-13 8:32:26.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.658 [GMT -5:00]
Running from: c:\documents and settings\TEMP.ISABELA.003\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\program files\INSTALL.LOG
c:\program files\SelectRebates
c:\program files\SelectRebates\SelectRebatesDownload.exe
C:\test.txt
c:\windows\system\oeminfo.ini
c:\windows\system32\ntnet.drv
c:\windows\system32\sysaudio.sys
----- BITS: Possible infected sites -----
hxxp://dna65.fastaccess.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_.NET_CONNECTION_SERVICE
((((((((((((((((((((((((( Files Created from 2008-10-13 to 2008-11-13 )))))))))))))))))))))))))))))))
.
2008-11-13 08:43 . 2008-11-13 08:43 <DIR> d-------- c:\documents and settings\ANGIE SALAZAR HONORE.ISABELA
2008-11-12 16:26 . 2008-11-12 16:27 <DIR> d-------- C:\rsit
2008-11-12 16:15 . 2008-10-24 06:21 455,296 -----c--- c:\windows\SYSTEM32\DLLCACHE\mrxsmb.sys
2008-11-12 16:14 . 2008-09-04 12:15 1,106,944 -----c--- c:\windows\SYSTEM32\DLLCACHE\msxml3.dll
2008-11-04 15:12 . 2003-01-11 18:35 <DIR> d-------- c:\documents and settings\TEMP.ISABELA.002\WINDOWS
2008-11-04 15:12 . 2008-11-04 18:25 <DIR> d-------- c:\documents and settings\TEMP.ISABELA.002
2008-11-03 22:21 . 2008-11-03 22:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\vsosdk
2008-11-03 20:40 . 2008-11-03 20:40 <DIR> d-------- c:\program files\DVDFab 5
2008-11-03 20:16 . 2003-01-11 18:35 <DIR> d-------- c:\documents and settings\TEMP.ISABELA.001\WINDOWS
2008-11-03 20:15 . 2008-11-03 22:41 <DIR> d-------- c:\documents and settings\TEMP.ISABELA.001
2008-11-01 14:32 . 2008-11-01 14:32 <DIR> d-------- C:\Log
2008-10-31 19:17 . 2003-01-11 18:35 <DIR> d-------- c:\documents and settings\TEMP.ISABELA.000\WINDOWS
2008-10-31 19:16 . 2008-10-31 20:31 <DIR> d-------- c:\documents and settings\TEMP.ISABELA.000
2008-10-29 16:59 . 2003-01-11 18:35 <DIR> d-------- c:\documents and settings\TEMP.ISABELA\WINDOWS
2008-10-29 16:58 . 2008-10-29 19:33 <DIR> d-------- c:\documents and settings\TEMP.ISABELA
2008-10-29 08:34 . 2003-01-11 18:35 <DIR> d-------- c:\documents and settings\TEMP\WINDOWS
2008-10-29 08:34 . 2008-10-29 10:43 <DIR> d-------- c:\documents and settings\TEMP
2008-10-25 18:06 . 2008-11-13 08:24 726,568 --a------ c:\windows\SYSTEM32\kdfmgr.exe
2008-10-23 13:34 . 2008-10-15 11:34 337,408 -----c--- c:\windows\SYSTEM32\DLLCACHE\netapi32.dll
2008-10-15 14:31 . 2008-09-08 05:41 333,824 -----c--- c:\windows\SYSTEM32\DLLCACHE\srv.sys
2008-10-15 14:30 . 2008-08-14 05:11 2,189,184 -----c--- c:\windows\SYSTEM32\DLLCACHE\ntoskrnl.exe
2008-10-15 14:30 . 2008-08-14 05:09 2,145,280 -----c--- c:\windows\SYSTEM32\DLLCACHE\ntkrnlmp.exe
2008-10-15 14:30 . 2008-08-14 04:33 2,066,048 -----c--- c:\windows\SYSTEM32\DLLCACHE\ntkrnlpa.exe
2008-10-15 14:30 . 2008-08-14 04:33 2,023,936 -----c--- c:\windows\SYSTEM32\DLLCACHE\ntkrpamp.exe
2008-10-15 14:30 . 2008-09-15 07:12 1,846,400 -----c--- c:\windows\SYSTEM32\DLLCACHE\win32k.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-13 13:35 --------- d-----w c:\program files\lg_fwupdate
2008-11-13 13:24 77,824 ----a-w c:\windows\SYSTEM32\kdfapi.dll
2008-11-13 13:24 53,248 ----a-w c:\windows\SYSTEM32\Kdfhok.dll
2008-11-13 13:24 192,512 ----a-w c:\windows\SYSTEM32\kdfvmgr.exe
2008-11-04 01:41 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2008-10-29 13:46 --------- d-----w c:\program files\Java
2008-10-29 13:43 --------- d-----w c:\documents and settings\All Users\Application Data\Dell
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-12 18:07 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-09-30 21:43 1,286,152 ----a-w c:\windows\SYSTEM32\msxml4.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\SYSTEM32\win32k.sys
2008-09-10 01:14 1,307,648 ----a-w c:\windows\SYSTEM32\msxml6.dll
2008-09-04 17:15 1,106,944 ----a-w c:\windows\SYSTEM32\msxml3.dll
2008-08-28 07:46 74,752 ----a-w c:\windows\SYSTEM32\msw3prt.dll
2008-08-28 07:46 104,960 ----a-w c:\windows\SYSTEM32\win32spl.dll
2008-08-26 07:24 826,368 ----a-w c:\windows\SYSTEM32\wininet.dll
2008-08-14 10:11 2,189,184 ----a-w c:\windows\SYSTEM32\ntoskrnl.exe
2008-08-14 09:33 2,066,048 ----a-w c:\windows\SYSTEM32\ntkrnlpa.exe
2008-08-13 19:48 774,144 ----a-w c:\program files\RngInterstitial.dll
2008-03-25 17:22 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2005-01-24 22:44 19,183,158 ----a-w c:\documents and settings\Install AOL Communicator\ac_install.exe
2004-10-01 20:00 40,960 ----a-w c:\program files\Uninstall_CDS.exe
2004-01-30 14:58 5,399,584 ------w c:\program files\Art2002Sp3-kb834693-client-enu.exe
2004-01-30 14:36 16,835,104 ------w c:\program files\OfficeXpSp3-kb832671-client-enu.exe
2004-01-30 05:09 593,440 ------w c:\program files\StsSp3-kb833845-client-enu.exe
2002-05-02 14:55 1,682,432 -c--a-w c:\program files\PRJPRO.MSI
2002-05-02 14:51 117,395,522 ----a-w c:\program files\MSPROJ10.CAB
2002-04-30 21:06 36,451 ----a-w c:\program files\README.HTM
2000-06-21 23:46 1,499,904 ----a-w c:\program files\INSTMSIW.EXE
2000-06-21 23:46 1,489,152 ----a-w c:\program files\INSTMSI.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2008-01-06 13:44 66912 --a------ c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2008-01-08 196608]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2008-01-09 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2008-01-09 114688]
"pdfFactory Pro Dispatcher v1"="c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis1.exe" [2008-01-09 364544]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-09 98304]
"LVCOMSX"="c:\windows\System32\LVCOMSX.EXE" [2008-01-29 221184]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2008-01-09 1397760]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2008-01-09 229376]
"DVDTray"="c:\program files\Ahead\ODD Toolkit\DVDTray.exe" [2008-01-09 65536]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2008-01-09 32768]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-02-15 1398024]
"MMTray"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2008-01-08 90112]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2008-01-08 217088]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2008-01-08 458752]
"HelpCenter4.1"="c:\program files\FastAccessDSL\HelpCenter43\bin\sprtcmd.exe" [2007-04-12 198184]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2008-01-09 49152]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2008-01-07 172032]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 c:\windows\BCMSMMSG.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-25 68856]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
Service Manager.lnk - c:\mssql7\Binn\sqlmangr.exe [2003-08-21 110592]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.enc"= ITIG726.acm
"aux7"= sysaudio.sys
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Picture Package Menu.lnk
backup=c:\windows\pss\Picture Package Menu.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Picture Package VCD Maker.lnk
backup=c:\windows\pss\Picture Package VCD Maker.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
--a------ 2008-01-08 13:49 71216 c:\program files\Common Files\AOL\ACS\AOLDial.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BellSouthAlertManager.exe]
--a------ 2008-01-08 13:51 2061816 c:\program files\BellSouth\AM\BellSouthAlertManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 19:12 15360 c:\windows\SYSTEM32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
--a------ 2008-01-08 13:52 196608 c:\program files\Logitech\Video\ManifestEngine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2008-01-25 20:34 5674352 c:\program files\MSN Messenger\MsnMsgr.Exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2008-01-08 13:49 26112 c:\program files\Real\RealPlayer\RealPlay.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-01-25 20:33 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2008-01-08 13:53 4670704 c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\MsnMsgr.Exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
R0 sonypvl3;sonypvl3;c:\windows\system32\drivers\sonypvl3.sys [2008-07-10 19507]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 sonypvf3;sonypvf3;c:\windows\system32\drivers\sonypvf3.sys [2004-11-15 619390]
R1 sonypvt3;sonypvt3;c:\windows\system32\drivers\sonypvt3.sys [2004-12-06 423454]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 WUSB300NSvc;WUSB300NSvc;c:\program files\Linksys\WUSB300N\WLService.exe WUSB300N.exe [ ]
S1 sonypvd3;Sony DVD Handycam;c:\windows\system32\DRIVERS\sonypvd3.sys [2004-12-07 64964]
.
Contents of the 'Scheduled Tasks' folder
2008-11-13 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
2008-11-12 c:\windows\Tasks\Norton Security Scan.job
- c:\program files\Norton Security Scan\Nss.exe []
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.dellnet.com
O18 -: Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd
O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-11-13 08:43:43
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Windows Defender\MsMpEng.exe
c:\program files\Ahead\InCD\InCDsrv.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Common Files\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\mssql7\Binn\sqlservr.exe
c:\program files\Trend Micro\Internet Security\SfCtlCom.exe
c:\windows\wanmpsvc.exe
c:\program files\Linksys\WUSB300N\WLService.exe
c:\program files\Linksys\WUSB300N\WUSB300N.exe
c:\program files\Trend Micro\BM\TMBMSRV.exe
c:\windows\SYSTEM32\wscntfy.exe
c:\windows\SYSTEM32\msiexec.exe
c:\program files\Logitech\Video\FxSvr2.exe
c:\progra~1\DELLSU~1\DSBrws.exe
.
**************************************************************************
.
Completion time: 2008-11-13 8:58:02 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-13 13:57:45
ComboFix2.txt 2008-07-07 01:09:09
Pre-Run: 10,593,153,024 bytes free
Post-Run: 10,667,855,872 bytes free
226 --- E O F --- 2008-11-12 23:59:39