scottishcampbell1

Everything posted by scottishcampbell1

  1. Hi there, Thanks for your reply, here is the ComboFix log: I can't run HijackThis as it won't install and run. I'm not sure if it's related or not, but I have had to reinstall Java as it keeps uninstalling... I think that's how the virus got installed in the first place, through Java. Here is the log, let me know if you need me to do anything else. Thanks for your help, appreciate it. Cheers
  2. I managed to find out that I'm infected with this: C:\WINDOWS\system32\S6NonCK.ocx: Trojan.Bifrose-4074 FOUND. There is not very much on Google etc. to remove it, can anyone help? Cheers
  3. Also can't run RootRepeal, it scans then closes down after a few seconds.
  4. Hi, I have just run the DDS script and it just ran and never closed down. The scan said it should take 3 mins to complete; I left it for 10 mins. HijackThis also closes when I run it... Any other suggestions?
  5. Hi there, Similar problem as others at the moment: IE seems to be hijacked and is being redirected all over the place when searching in Google; Firefox seems fine, however. I can't run any scans from any AV software and Malwarebytes. The scan lasts about 5 seconds then dies. I can install and update it fine along with other products, but no joy with scanning. I have renamed the .exe files before install and renamed them again after install, but nothing. I have also tried doing this with a new user profile on the PC as well. Can anyone help me out? I can provide whatever log is required. Many thanks, Colin