Tech Support Forum > Security Center > Virus/Trojan/Spyware Help

combofix results

Old 02-09-2012, 12:36 PM   #1
Registered Member
 
Join Date: Feb 2012
Posts: 12
OS: win xp



Having trouble with viruses; ran ComboFix, these are the results. Please help.


ComboFix 12-02-09.04 - Dan 09/02/2012 20:11:14.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.1022.729 [GMT 0:00]
Running from: c:\documents and settings\Dan\My Documents\Downloads\ComboFix.exe
AV: Norton Internet Security 2006 *Enabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security 2006 *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\$NtUninstallKB54802$
c:\windows\$NtUninstallKB54802$\1602521494\@
c:\windows\$NtUninstallKB54802$\1602521494\cfg.ini
c:\windows\$NtUninstallKB54802$\1602521494\Desktop.ini
c:\windows\$NtUninstallKB54802$\1602521494\L\ceqhhore
c:\windows\$NtUninstallKB54802$\1602521494\oemid
c:\windows\$NtUninstallKB54802$\1602521494\U\00000001.@
c:\windows\$NtUninstallKB54802$\1602521494\U\00000002.@
c:\windows\$NtUninstallKB54802$\1602521494\U\00000004.@
c:\windows\$NtUninstallKB54802$\1602521494\U\80000000.@
c:\windows\$NtUninstallKB54802$\1602521494\U\80000004.@
c:\windows\$NtUninstallKB54802$\1602521494\U\80000032.@
c:\windows\$NtUninstallKB54802$\1602521494\version
c:\windows\$NtUninstallKB54802$\209644680
c:\windows\kb913800.exe
c:\windows\ocgen.log
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\Thumbs.db
c:\windows\system32\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2012-01-09 to 2012-02-09 )))))))))))))))))))))))))))))))
.
.
2012-02-09 19:49 . 2012-02-09 19:49 -------- d-----w- c:\documents and settings\Dan\Application Data\Blitware
2012-02-09 19:49 . 2012-02-09 19:49 -------- d-----w- c:\program files\Driver Robot
2012-02-09 19:49 . 2012-02-09 19:49 -------- d-----w- c:\documents and settings\Dan\Application Data\Uniblue
2012-02-09 19:48 . 2012-02-09 19:48 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
2012-02-09 19:48 . 2012-02-09 19:48 -------- d-----w- c:\program files\Uniblue
2012-02-09 19:46 . 2012-02-09 19:46 -------- d-----w- c:\documents and settings\Dan\Local Settings\Application Data\PackageAware
2012-02-09 16:17 . 2012-02-09 16:17 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-09 15:49 . 2012-02-09 15:49 -------- d-----w- c:\documents and settings\All Users\Application Data\RegCure
2012-02-09 15:49 . 2012-02-09 16:05 -------- d-----w- c:\program files\RegCure
2012-02-08 23:45 . 2012-02-08 23:45 -------- d-----w- C:\$AVG
2012-02-07 22:05 . 2012-02-07 22:05 -------- d-----w- c:\documents and settings\Dan\Local Settings\Application Data\VS Revo Group
2012-02-07 22:05 . 2009-12-30 10:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2012-02-07 22:05 . 2012-02-07 22:05 -------- d-----w- c:\program files\VS Revo Group
2012-02-07 22:00 . 2012-02-07 22:00 -------- d-----w- c:\documents and settings\Dan\Application Data\AVG2012
2012-02-07 21:59 . 2012-02-07 21:59 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Secure Search
2012-02-07 21:59 . 2012-02-07 21:59 -------- d-----w- c:\documents and settings\Dan\Application Data\AVG Secure Search
2012-02-07 21:59 . 2012-02-07 21:59 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-02-07 21:59 . 2012-02-07 21:59 -------- d-----w- c:\program files\AVG Secure Search
2012-02-07 21:59 . 2012-02-07 21:59 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2012-02-07 21:58 . 2012-02-09 17:45 -------- d-----w- c:\windows\system32\drivers\AVG
2012-02-07 21:58 . 2012-02-08 23:34 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
2012-02-07 21:58 . 2012-02-07 21:58 -------- d-----w- c:\program files\AVG
2012-02-07 21:53 . 2012-02-07 21:55 -------- d-----w- c:\program files\Mighty Uninstaller
2012-02-07 21:52 . 2012-02-09 17:43 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2012-02-07 21:49 . 2011-06-21 04:09 200976 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-02-06 00:20 . 2012-02-06 00:20 -------- d-----w- c:\documents and settings\All Users\Application Data\TrojanHunter
2012-02-06 00:19 . 2012-02-09 15:41 -------- d-----w- c:\program files\TrojanHunter 5.5
2012-02-06 00:16 . 2012-02-06 00:16 -------- d-----w- c:\documents and settings\Dan\Application Data\TrojanHunter
2012-02-06 00:05 . 2012-02-06 00:17 -------- d-----w- c:\program files\TrojanHunter 5.3
2012-02-05 22:25 . 2012-02-09 20:23 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-04 15:45 . 2012-02-04 15:45 -------- d-----w- c:\windows\Sun
2012-02-03 03:09 . 2012-02-03 03:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Premium
2012-02-03 03:09 . 2012-02-03 03:09 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallMate
2012-02-03 01:48 . 2012-02-07 22:10 -------- d-----w- c:\program files\Ableton
2012-01-31 19:31 . 2012-01-31 19:31 -------- d-sh--w- c:\documents and settings\Dan\PrivacIE
2012-01-31 19:31 . 2012-01-31 19:31 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2012-01-31 19:30 . 2012-01-31 19:30 -------- d-sh--w- c:\documents and settings\Dan\IETldCache
2012-01-31 18:15 . 2012-01-31 18:16 -------- dc-h--w- c:\windows\ie8
2012-01-31 18:06 . 2010-05-06 10:41 599040 ------w- c:\windows\system32\dllcache\msfeeds.dll
2012-01-31 18:06 . 2010-05-06 10:41 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2012-01-31 18:06 . 2010-05-06 10:41 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2012-01-31 18:06 . 2010-05-06 10:41 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2012-01-31 18:06 . 2010-05-06 10:41 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2012-01-31 18:06 . 2010-05-06 10:41 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2012-01-31 18:06 . 2010-05-06 10:41 11076096 ------w- c:\windows\system32\dllcache\ieframe.dll
2012-01-26 02:08 . 2012-02-03 02:07 474 ----a-w- C:\user.js
2012-01-26 02:08 . 2012-01-26 02:08 -------- d-----w- c:\program files\BabylonToolbar
2012-01-26 02:08 . 2012-01-26 02:08 -------- d-----w- c:\documents and settings\Dan\Local Settings\Application Data\Babylon
2012-01-26 02:08 . 2012-01-26 02:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Babylon
2012-01-26 02:08 . 2012-01-26 02:08 -------- d-----w- c:\documents and settings\Dan\Application Data\Babylon
2012-01-23 22:04 . 2012-01-23 22:04 -------- d-----w- c:\documents and settings\Dan\Local Settings\Application Data\WMTools Downloaded Files
2012-01-23 17:05 . 2012-01-23 17:05 -------- d-----w- c:\documents and settings\Dan\Application Data\VadeRetro
2012-01-23 17:05 . 2012-01-23 17:05 -------- d-----w- c:\documents and settings\Dan\Local Settings\Application Data\Identities
2012-01-13 17:01 . 2012-01-13 17:01 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2012-01-13 11:29 . 2009-08-06 19:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2012-01-13 11:29 . 2009-08-06 19:23 215920 ----a-w- c:\windows\system32\muweb.dll
2012-01-12 15:57 . 2012-01-12 15:57 -------- d-----w- c:\program files\Microsoft Silverlight
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-09 17:02 . 2004-09-10 13:57 454016 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2012-02-09 16:29 . 2004-09-10 13:57 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-02-09 16:18 . 2004-08-03 22:07 187776 ----a-w- c:\windows\system32\drivers\acpi.sys
2011-11-17 11:40 . 2007-01-22 17:39 45056 ----a-r- c:\documents and settings\Dan\Application Data\Microsoft\Installer\{5A2F371F-8B5D-46B4-833C-0612B065BEC7}\GameShadow.exe1_0A3DE514292C4EBA987823B82B0B2BA2.exe
2011-11-17 11:40 . 2007-01-22 17:39 45056 ----a-r- c:\documents and settings\Dan\Application Data\Microsoft\Installer\{5A2F371F-8B5D-46B4-833C-0612B065BEC7}\GameShadow.exe_0A3DE514292C4EBA987823B82B0B2BA2.exe
2011-11-17 11:40 . 2007-01-22 17:39 45056 ----a-r- c:\documents and settings\Dan\Application Data\Microsoft\Installer\{5A2F371F-8B5D-46B4-833C-0612B065BEC7}\ARPPRODUCTICON.exe
2011-11-16 17:12 . 2011-11-16 17:12 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-13 20:11 . 2011-11-13 20:11 621056 ----a-w- c:\windows\system32\drivers\mod7700.sys
2011-11-13 20:11 . 2011-11-13 20:11 112128 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2011-11-13 20:11 . 2011-11-13 20:11 23424 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2011-11-13 20:11 . 2011-11-13 20:11 103040 ----a-w- c:\windows\system32\drivers\ewusbfake.sys
2011-11-13 20:11 . 2011-11-13 20:11 100224 ----a-w- c:\windows\system32\drivers\ewsercd.sys
2011-11-05 07:10 . 2011-11-16 17:04 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-02-07 21:59 1811296 ----a-w- c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll" [2012-02-07 1811296]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\apps\SMP\SmpSys.exe" [2005-11-17 975360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"RegistryBooster"="c:\program files\Uniblue\RegistryBooster\launcher.exe" [2011-11-07 67456]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Vade Retro Outlook Express"="c:\progra~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe" [2004-10-04 310272]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_04\bin\jusched.exe" [2005-06-03 36975]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-18 16207872]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-10-17 26112]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"nwiz"="nwiz.exe" [2006-04-27 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-04-27 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-27 7573504]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"DetectorApp"="c:\program files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 102400]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-09-16 52848]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 24576]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-02-07 939872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-10 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Launcher.lnk - c:\program files\InternetEverywhere\Launcher.exe [2011-11-13 472528]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NSCService"=3 (0x3)
"navapsvc"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccProxy"=2 (0x2)
"ccISPwdSvc"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\APPS\\SKYPE\\PHONE\\SKYPE.EXE"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [11/07/2011 01:14 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [13/09/2011 06:30 32592]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [02/08/2011 06:09 192776]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [17/11/2011 11:39 632792]
R2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe [07/02/2012 21:59 909152]
R2 WTGService;WTGService;c:\program files\InternetEverywhere\WTGService.exe [13/11/2011 20:11 308688]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [11/07/2011 01:14 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [11/07/2011 01:14 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [04/10/2011 06:21 16720]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys --> c:\windows\system32\DRIVERS\avgldx86.sys [?]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys --> c:\windows\system32\DRIVERS\avgtdix.sys [?]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [12/10/2011 06:25 4433248]
S3 9571cd3a-8209-4d3b-9994-0b315478764b;9571cd3a-8209-4d3b-9994-0b315478764b;\??\d:\rgasdev.sys --> d:\rgasdev.sys [?]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [13/11/2011 20:11 103040]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15/01/2010 12:49 227232]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [07/02/2012 22:05 27064]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - COMHOST
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
epson_pm_rpcv2_01
tsscoreservice
rt2500usb
v124
dnserver32
grmnusb
rnadirectory
UMAXPCLS
cdr4_xp
DfwWebAgent
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-09 c:\windows\Tasks\Driver Robot.job
- c:\program files\Driver Robot\Driver Robot.lnk [2012-02-09 19:49]
.
2012-02-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-155635789-1173123948-1868127050-1005Core.job
- c:\documents and settings\Dan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-16 18:26]
.
2012-02-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-155635789-1173123948-1868127050-1005UA.job
- c:\documents and settings\Dan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-16 18:26]
.
2012-02-09 c:\windows\Tasks\Master CD_DVD Creator.job
- c:\apps\SMP\MCDCHECK.EXE [2005-11-08 14:26]
.
2011-12-31 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - Dan.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2005-10-06 23:26]
.
2012-02-09 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
.
2012-02-09 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
.
2012-02-09 c:\windows\Tasks\RegistryBooster.job
- c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2012-02-09 08:26]
.
2012-02-09 c:\windows\Tasks\RMSchedule.job
- c:\program files\Registry Mechanic\RegMech.exe [2011-11-17 10:02]
.
2012-02-09 c:\windows\Tasks\RMSmartUpdate.job
- c:\program files\Registry Mechanic\Update.exe [2011-11-17 13:23]
.
2007-07-29 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2006-10-17 13:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.babylon.com/?babsrc=HP_ss&affID=101067&mntrId=f0b247ab000000000000001617e8f88a
uInternet Connection Wizard,ShellNext = hxxp://google.com/
IE: Download with &Media Finder - c:\program files\Media Finder\hook.html
LSP: mswsock.dll
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\Dan\Application Data\Mozilla\Firefox\Profiles\yix0xle3.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?babsrc=HP_ss&affID=101067&mntrId=f0b247ab000000000000001617e8f88a
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=adbartrp&affID=101067&mntrId=f0b247ab000000000000001617e8f88a&q=
FF - user.js: extensions.BabylonToolbar_i.id - f0b247ab000000000000001617e8f88a
FF - user.js: extensions.BabylonToolbar_i.hardId - f0b247ab000000000000001617e8f88a
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15373
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.172:06
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=101067
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - (no file)
SafeBoot-14860305.sys
SafeBoot-16942971.sys
SafeBoot-53103880.sys
SafeBoot-82344209.sys
SafeBoot-97355549.sys
MSConfigStartUp-Media Finder - c:\program files\Media Finder\MF.exe
AddRemove-Shogun Total War - Warlord Edition - c:\program files\Total War\Shogun - Total War - Warlord Edition\Uninst.isu
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-02-09 20:24
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\windows\$NtUninstallKB54802$:SummaryInformation 0 bytes hidden from API
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.avgldx86]
"ImagePath"="\?"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.avgtdix]
"ImagePath"="\?"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-155635789-1173123948-1868127050-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:f4,c4,3b,4a,05,7b,ac,bf,08,dc,c0,13,de,b1,2a,aa,27,91,45,3c,6a,c2,3f,
10,ce,87,02,68,21,e5,1e,e7,d2,8c,af,38,c6,60,7f,80,82,7a,fa,37,d3,11,d1,21,\
"??"=hex:c4,d6,3a,f1,13,08,8b,93,b5,cf,71,67,e0,96,84,3c
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3716)
c:\windows\system32\WININET.dll
c:\progra~1\GOTOSO~1\VADERE~1\VrOe_hook.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\AVG\AVG2012\avgemcx.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\apps\ABoard\AOSD.exe
c:\program files\Uniblue\RegistryBooster\registrybooster.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\dllhost.exe
c:\windows\eHome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2012-02-09 20:28:12 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-09 20:28
.
Pre-Run: 169,472,610,304 bytes free
Post-Run: 170,199,248,896 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - 8711146A18817763D80E4EA15E7E0ADD

kieran.mlne
Old 02-09-2012, 12:42 PM   #2
Moderator - Networking
 
Shekka
 
Join Date: Jan 2012
Posts: 1,772
OS: Win7 Pro 64bit


You should never run ComboFix or other software like it without knowledge of how to use it, or unless directed to by someone helping you to repair your system.

It looks like you have two antivirus programs installed; as well, it may still have some malware lurking about.

... This thread would be better suited for the security team wouldn't it?

Computers help us fix problems that we would not have without them...

Old 02-09-2012, 12:44 PM   #3
Team Manager
Microsoft Support
 
Corday
 
Join Date: Mar 2010
Location: Midlands of South Carolina
Posts: 10,971
OS: Windows 7 Pro, ME, Vista. In the past CP/M, DOS, Windows 95, 2000 & 98SE



Moved to Security.
The stability of an OS is in direct proportion to the stability of the user.