daytona

Everything posted by daytona

  1. I made a post sometime back concerning Windows (XP Pro) and Microsoft Security Essentials failing to update. LINK TO ORIGINAL: http://forums.malwarebytes.org/index.php?showtopic=88390&st=0&p=451490entry451490 Internet seems to be functioning properly; all other AVs I've tried work perfectly. This exact same issue happened on another two systems I have worked on, on completely different networks/uses/systems. Microsoft doesn't have a solution; however, it appears to be on their end. Does anyone have any experience with this? I have run every antivirus/spyware program in safe mode, reset BITS/Updates etc., and otherwise, with no solution. The only way I have found to solve it is reinstalling Windows.
  2. Thanks for your reply, however that did not solve the issue.
  3. When I go to Windows Update, I get the following error message: "The website has encountered a problem and cannot display the page you are trying to view. The options provided below might help you solve the problem." [Error number: 0x80070424] Microsoft Security Essentials will also not update properly. Everything else seems to be working/updating. I ran Malwarebytes in safe mode; it found a couple of things, however that did not solve the issue. Thanks for any help in this matter. Sorry, forgot to add the log: hijackthis.log
  4. Everything seems to be running great! I can update Windows and everything is running faster. I thought for sure this computer needed the Windows disc! You really know your stuff, thanks for everything!! I don't think I ever got a virus this bad; was it one in particular or several?
  5. ComboFix 11-01-30.02 - user 01/31/2011 7:12.2.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1417 [GMT -5:00]
  6. Sorry, wouldn't upload. ComboFix 11-01-29.03 - user 01/30/2011 16:21:21.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1709 [GMT -5:00]
%profile%\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e} . - - - - ORPHANS REMOVED - - - - Toolbar-Locked - (no file) ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-01-30 16:31 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
Completion time: 2011-01-30 16:33:30 ComboFix-quarantined-files.txt 2011-01-30 21:33 Pre-Run: 51,185,737,728 bytes free Post-Run: 53,189,152,768 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect [spybotsd] timeout.old=30 - - End Of File - - 2EF9CF3294A24B71F546DAC2783A5B9E
  7. Here is the log file, and Windows Update works!!!!! Thanks! Am I clean now??
  8. Sorry for the spam, this computer is not working that well.
  9. Ok, attached all three... thanks so much for your help! Oh, and by the way, I need to burn these on a disc and transfer to another computer to post... also had another pop up.
hijackthis.log
mbam_log_2011_01_30__11_06_29_.txt
uninstall_list.txt
  10. MAL-WARE
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5639

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/30/2011 11:06:29 AM
mbam-log-2011-01-30 (11-06-29).txt

Scan type: Quick scan
Objects scanned: 222812
Time elapsed: 15 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

...........................................

Hijack
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:09:02 AM, on 1/30/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\sessmgr.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=3071130
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR
  12. Thanks for your reply. However, after running that I am still getting "Internet Explorer cannot display the webpage" when attempting to go to Windows Update; other sites work.
  13. I cannot access Windows Update, I've run every scanner-type program I know!
hijackthis.log